When creating tracking groups for a policy, one of the available entity types is File Permissions. This entity type identifies files that have the selected permission level or sharing. When you select the File Permissions entity type, the Select a function list populates with different permission and sharing options you can select.
If you select a permissions option, the Select permissions level list will appear and populate with permissions options: Read, Write, Read and Write, and Full. This function requires data source configuration to select the user or group for whom you are looking to identify file permissions. At this time, you can only specify internal accounts (accounts that exists on the platform); you cannot select external users.
If you select one of the two sharing links options, the Select shared link type list will appear and populate with sharing options. You can select internally shared links, eternally shared links, or all sharing links.
The Overshared function allows you to identify files shared with a group that provides access to a potentially large audience. This is determined based on sharing options available per connector. The following group assignments are used to determine when a file is overshared.
Platform | Overshared Groups |
|---|---|
Network File System | Everyone |
Microsoft Office 365 | Everyone except external users |
Dropbox for Business | Everyone at <Organization Name> |
Box | No built-in groups are available that grant file/folder permissions. |
No built-in groups are available that grant file/folder permissions. |
When you select the File Permissions entity type, the remaining tracking group fields automatically populate. You can edit the defaults as needed.
For the has links and has permissions functions, the operator will be Equals, and the value will be True.
For the does not have permissions functions, the operator will be Equals, and the value will be False.
For count functions, standard numeric operators will be available to select, and you will need to specify the value.
For the Is Overshared function, the operator will be Equals, and the value will True.
When a function is selected that requires an account or group for each data source to be configured, you will see a “Data source configuration necessary" message. You will need to complete the setup for the tracking group by configuring the data source to specify the user or group you want to track.
When configuring the data source for the File Permissions entity type, you can only select one account or group at a time; therefore, if you need to find file permissions for multiple accounts and/or groups, you will need to add the File Permissions entity type to the tracking group multiple times. For example, if you need to find file permissions for three users, you will need to add the “User has Permissions” function three times. You will then assign a user to each entry. See Configuring Data Sources: File Permissions for information on how to configure the data source.
Skipping Configuration
If you select the Allow configuration to be skipped on individual data sources option, you will have a Skip action link when configuring the data sources. You can use this link to skip setting up the configuration, which will clear the notifications for this data source. This is useful for data sources that don’t support the selected user or group permissions.