Tips For Setting Up Folder Permissions Across Your Organisation
File permissions are an important topic, and you need at least a general understanding of how they are set up within your organisation. Then, in the event of a data breach, you can quickly pinpoint the potential failure. It’s also important to plan access to company data so that employees receive it on a need-to-know basis. There are two methods of managing access:
Permission-based access gives individual users access to particular areas of the company data. For example, user A needs read access to the operations and sales areas but needs complete control in the HR area.
Role-Based Access
Role-based access is generally the go-to method most IT providers choose. It allows groups of users to be controlled using security groups built into Microsoft’s Active Directory or Azure services.
The main benefit of role-based access is the ability to enforce strict file permission policies across large groups of users, which helps stop employees from accessing sensitive data.
When new employees join, it’s a simple case of telling the IT provider what role the new user has, with no lengthy email chain or request about which folders and files need to be provisioned.
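As an added example (not part of the original article), the script below audits an exported folder ACL against a role-based policy and reports entries that bypass or exceed the role groups. Every group, folder and user name in it is constructed sample data, and it assumes allow-only entries with no inheritance or deny rules.

```python
RANK = {"Read": 1, "Modify": 2, "FullControl": 3}

# Constructed policy: role group -> {folder: highest right the role allows}.
POLICY = {
    "GRP-HR-Managers": {"HR": "FullControl", "Operations": "Read", "Sales": "Read"},
    "GRP-Sales-Staff": {"Sales": "Modify"},
    "GRP-Operations-Staff": {"Operations": "Modify"},
}

# Constructed ACL export: (folder, principal, kind, right).
ACL = [
    ("HR", "GRP-HR-Managers", "group", "FullControl"),
    ("Operations", "GRP-HR-Managers", "group", "Read"),
    ("Sales", "GRP-Sales-Staff", "group", "FullControl"),  # more than the role allows
    ("HR", "GRP-Sales-Staff", "group", "Read"),            # folder not in the role
    ("HR", "jsmith", "user", "Modify"),                    # granted to a person
    ("Operations", "GRP-Operations-Staff", "group", "Modify"),
]

# Constructed group memberships.
MEMBERS = {"jsmith": ["GRP-Sales-Staff"]}

def audit(acl, policy):
    """Return (folder, principal, issue) for each entry that departs from policy."""
    findings = []
    for folder, principal, kind, right in acl:
        if kind != "group":
            findings.append((folder, principal, "direct-user-grant"))
            continue
        allowed = policy.get(principal, {}).get(folder)
        if allowed is None:
            findings.append((folder, principal, "not-in-role"))
        elif RANK[right] > RANK[allowed]:
            findings.append((folder, principal, "exceeds-role"))
    return findings

def effective_access(user, memberships, acl):
    """Highest right per folder a user holds, via groups or direct grants."""
    principals = set(memberships.get(user, [])) | {user}
    best = {}
    for folder, principal, _kind, right in acl:
        if principal in principals and RANK[right] > RANK.get(best.get(folder), 0):
            best[folder] = right
    return best

if __name__ == "__main__":
    for finding in audit(ACL, POLICY):
        print(finding)
    print(effective_access("jsmith", MEMBERS, ACL))
```

Each finding is an entry to remove or move into the correct role group, and the effective-access view shows what one person can actually reach once the stray grants are counted.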
SharePoint & Teams
Role-based access can be applied to standard network shares and modern file systems like SharePoint and Teams. However, there are other security considerations you need to make when setting up file access within Teams and SharePoint, including whether external sharing is permitted on the file share.
One of the most used features of both these systems is the ability to share files with a URL that can be sent in an email; however, it’s wise to detail and enforce strict security regarding external users and what they can access, if anything.
Guest Access and Anonymous User Access are two features that are automatically turned on in each Team. This can create external cybersecurity risks. Imagine a user is accidentally added to a Team as a guest and begins editing folder structures and projects – or worse, deleting them altogether.
You can edit the settings in each Team or Channel to limit the individual permissions of guest users. These settings can be turned off from the settings option in each Team.
Create a Clear Policy
Establish a standardised process for granting access, naming groups, adding new directories, etc., and put it all in writing.
Clear documentation ensures that you always have a reference point when you are unsure of the proper way to handle a particular case, and is especially helpful for getting larger teams of administrators on the same page.
Most businesses we work with have grown organically over time, and so have their data and folder/file structure. We can offer you a high-level analysis of who has access to what files and help you migrate your data to a more secure and transparent system with our service. Get in touch if you would like to discuss this.