Tips For Setting Up Folder Permissions Across Your Organization

File permissions within your organization are an important topic you need to have a general understanding of. 

In the event of a data breach, you can quickly pinpoint the potential failure.

It’s also important to plan out access across the company data to your employees on a need-to-know basis.  

There are two methods of managing access:

Permission-Based Access

This gives individual users access to individual areas of the company data. 

For example, user A needs read access to the operations and sales area but have complete control in the HR area.

Role Based Access

This is generally the go-to method most IT providers choose and allows groups of users to be controlled using security groups built into Microsoft’s active directory or Azure services.

The main benefit of role-based access is the ability to enforce strict file permission policies across large groups of users, which will help stop the potential for employees to access sensitive data.  

When new employees join, it’s just a simple case of telling the IT provider what type of role the new user has, and there’s no lengthy email chain or request on what folders/files that need to be provisioned.

Sharepoint & Teams

Role-based access can be applied to standard network shares and modern file systems like Sharepoint and Teams.

There are some other security considerations you need to make when setting up file access within Teams and Sharepoint, including if external sharing is permitted on the file share.

One of the most used features of both these systems is the ability to share files with a URL that can be shared in an email; however, it’s wise to detail and enforces strict security in regards to external users and what they can access if anything.

Guest Access and Anonymous User Access are two features that are automatically turned on in each Team. 

This can create external cybersecurity risks. Imagine if a user were added to a Team as a guest accidentally, and they begin editing folder structures and projects – or worse, deleting them altogether. 

You can edit the settings in each individual Team or Channel to limit the individual permissions of guest users. These settings can be turned off from the settings option in each Team.

Create a Clear Policy

Establishing a standardized process for granting access, naming groups, adding new directories etc., helps to put everything in writing. Clear documentation ensures that you always have a reference point when you are unsure of the proper way to handle a particular case and is especially helpful for getting larger teams of administrators on the same page.

Final thoughts

Most businesses we work with have grown organically over time, and so have their data and folder/file structure. We can offer you a high-level analysis of who has access to what files and help you migrate your data to a more secure and transparent system with our service. Get in touch if you would like to discuss this.