In this post, you will learn how to perform a permission analysis of your file servers in a very elegant manner. Taking the inventory of these permissions is particularly exciting as this task will occur in each and every network and the results provide a wealth of highly detailed information. You will be delighted when you see the graphical evaluations provided by Docusnap! It has never been fun to document and evaluate this kind of information – until now. For details on how to proceed, please refer to the Docusnap User Guide.
In Docusnap, you can achieve these results by using the inventory feature for NTFS directory structures. Just select the server and the shares to be scanned and, provided you have the required access permissions, the desired information will be available at a click of the mouse. As usual, the information will be retrieved according to the selected archiving depth and stored in the Docusnap database.
Comprehensive data access analysis
In Docusnap, it is not only possible to view access rights to folders and files, but you can also see which data a user has access to. This works across any groups that might have been configured. So, it is quite easy to assess exactly who had access to a particular file. Of course, Docusnap will take nested access groups into account and visualises them as well. For security reasons, the use of access groups is recommended, but they have to be documented in a clear and traceable way. This means that you must be able to trace who was a member of a particular group at a certain point in time. So you will also need data from your directory service.
With the Permission Analysis module of Docusnap, you have a tool at hand that helps you verify the implementation of the need-to-know principle. Make the functional divisions of your company a part of this process. The respective managers define the access rights to the data and are responsible for them. The sole task of the IT department here is to implement the desired shares technically.
Do you know any other tool that is able to query and visualise access rights? There is nothing that compares to Docusnap. Above all, file servers soon have to manage hundreds of thousands of files and folders. Would you really go and document all of them manually? Each and every file? And even if you manage to do so, you can be sure that the documentation will be outdated the very moment you complete it.
Simply granting users access rights to all files is no solution either
You might wonder why you need to know who has which permissions. After all, the main thing is that your users can do their work and are not restricted by missing access rights. Well, it is not as easy as that and you should not take the easy way out. File accesses need to be controlled and documented. Not just for the fun of it, but in order to comply with all pertinent laws and legal regulations, such as data privacy. This way, you make sure that the required safeguards are in place because you will be able to provide a current set of information and the related evidence at any time.
The documentation of file servers and the associated access permissions must be an integral part of every (good) IT documentation. In addition, it will help you move forward and protect your data from unauthorised access. This documentation is an important part of your IT security. The alternative to the paid Docusnap module would be an Excel table, but the overhead required to create and update one is beyond reason.