Installer Guides

Folders

Overview

The Access Governance Folders module enables organisations to monitor folder and file access and maintain governance over sensitive information. It ensures that files and folders with potentially problematic access are flagged based on their risk of exposure. Items are accurately classified according to access types such as Open Access, External Access, or Restricted Access. Files and folders requiring review—due to broad access, broken inheritance, or the presence of sensitive information—are automatically flagged, while items not deemed risky are auto-approved. This automates and simplifies the management of access and inheritance across folder hierarchies, ensuring consistent protection of sensitive data.

This section explains access types, review workflows, dashboard usage, and practical steps for managing folders and files.

Understanding Access Types

Open Access Folders or files that are publicly shared or widely accessible to organisational groups.

Restricted Access Folders or files limited to specific users or groups.

Understanding Review Status

Needs Review and Auto-Reviewed

  • Needs Review: Items are flagged if they are openly accessible and contain sensitive data, or if they have open access and inheritance is broken from the parent.

  • Auto-Reviewed: Items not having sensitive data which are openly accessible, or inheriting correctly from a parent folder, are automatically marked as reviewed, reducing manual work.

These mechanisms allow users to focus on areas requiring governance action, ensuring compliance and prioritising sensitive folders and files.

Navigating to the Folders section

To access the Folders section within the Access Governance module:

  • Use the top navigation bar on the home screen.

  • Click on the Datasources tab.

  • From the list of available data sources, select SMB server.

  • When the SMB server dashboard opens, choose the Folders tab within the Governance section in the left panel.

The Folders section provides an overview of all onboarded folders and files, showing how access is structured and highlighting which items are open or restricted. This allows users to quickly identify widely accessible items, detect potential exposure of sensitive data, and pinpoint folders where governance policies need to be enforced.

Governance Dashboard Widget

The Dashboard Widget provides users with a high-level summary before selecting View All to access the more detailed Folders Dashboard.

The Open Access Summary Widget appears on the Governance Dashboard and provides:

  • A pie chart showing how many files with open access exist, how many need review, and how many have been auto-reviewed.

  • Data on the number of files and folders that are openly accessible and contain sensitive data, as well as the number of files and folders that need review.

High-Level View

The Folders Dashboard is structured into three sections:

Top Section Search and Folder Navigation

  • Search Bar: Enables the user to quickly locate specific folders or files.

  • Parent and Child Folder Navigation: Provides a hierarchical navigation to move between the parent folder and child folders. You can also view the path and navigate up from the breadcrumb.

  • Folder Details: Shows which groups or users have access, with open or restricted status.

Metadata and Folder Information

  • An icon next to a folder name indicates whether it is inheriting from the parent.

  • User and group access levels can be viewed for each folder.

  • The last modified date is displayed per folder.

  • A folder link in SMB provides a direct link for quick navigation.

Middle Section – High-Level Insights

  • Needs Review: Shows items flagged because they are open with sensitive data or are openly accessible and have broken inheritance.

  • Open Access (Sensitive): Shows a count of files with open access containing sensitive data.

  • Open Access (Total): Shows the overall count of open items, sensitive or not.

Bottom Section – Folder Contents and Filters

  • Folders: Displays a list of folders with access type, review status, and inheritance details.

  • Files: Displays a list of files with sensitivity, open access, and review status indicators.

  • Filters: Enables narrowing of results by access type, open objects, sensitivity, or review status.

  • Actions: Enables users to change the review status of selected folders or files. From the Actions menu, an item marked as Needs Review can be updated to In Progress when assessment begins, or to Reviewed once verification is complete. This ensures that governance progress is clearly tracked and consistently applied.

Detailed View

Once you have reviewed the high-level dashboard and its navigation elements, select an existing folder to modify (for example, Departments). This will open the personalised dashboard for the selected folder, where you can review the number of sensitive files and adjust permission levels as required.

Navigation elements within the Detailed View follow the same format and functionality as the High-Level View. The only navigation difference is that this detailed view includes more metadata within the top portion of the screen.

Metadata and Folder Information

  • Provides a hierarchical navigation to move between the parent folder and child folders. You can also view the path and navigate up from the breadcrumb.

  • An icon next to a folder name indicates whether it is inheriting from the parent.

  • Review Status can be viewed and changed as needed.

  • User and group access levels can be viewed for each folder.

  • The last modified date is displayed per folder.

  • A folder link in SMB provides a direct link for quick navigation.

Customising Filters

After reviewing the folder and file summary, you can refine what is displayed by customising filters.

To customise filter settings:

  • Select each drop-down individually in the bottom left; or

  • Select All Filters, which opens a window displaying the full range of options.

Filter options include:

  • Access Type Filter: Enables users to filter items visible on the current page.

  • Open Objects Filter: Enables users to view folders containing open access items, even if the parent folder is restricted.

  • Other Filters: Enables filtering by sensitivity, review status, or inheritance status.

Inheritance and Review Logic

  • If inheritance is broken and a folder is open, it is automatically flagged for Needs Review.

  • If inheritance is intact and the folder is open, child folders can be auto-reviewed and marked accordingly.

  • Reviewing inheritance at the parent folder level ensures efficiency: fixing one folder (for example, Other Extensions) can automatically restrict access for all child folders.

Example Review Workflow

Folder Structure

  • Share: Departments

  • Child Folders: Marketing, HR, IT, Engineering

Steps

  1. Access the Folders Page.

  2. Open the Departments share to view child folders.

  3. Review the access type for each child folder (Open or Restricted) and check the inheritance status.

  4. Determine review needs based on the following scenarios below.

Note that in the following example, the oob folder displays an inherits from parent icon, whereas the Marketing folder shows a broken inheritance icon, indicating that the child folder differs from its parent. Once the folder type has been confirmed, the number of sensitive files can then be reviewed to help determine the order in which the sub-folders should be examined.

Scenario 1: Parent Restricted, Child Folder Open

  • Review the child folder individually if it contains sensitive data.

  • Take appropriate actions.

  • Mark as Reviewed once verified.

Scenario 2: Parent Restricted, Child Folder Restricted, Inheritance intact

  • If no sensitive data exists, mark the parent folder as Reviewed.

  • Child folders automatically inherit the reviewed status.

Scenario 3: Parent Open, Child Folder Open, Inheritance Intact

  • Review the parent folder and determine if open access is necessary.

  • Take appropriate action.

  • Mark the parent as Reviewed. This automatically marks all inheriting child folders as Reviewed.

Scenario 4: Parent Open, Child Folder Restricted

  • Child folders are auto reviewed in this scenario since restricted child folders generally do not require separate review unless flagged for sensitive data.

  • Verify child folder status before marking the parent as Reviewed.

Reviewing Files

  • Files follow the same concept as folders, with filters to show inheritance from the parent.

  • Revoke Access Option: Available under Actions in the far right; automatically marks the file as reviewed once applied.

  • Files without sensitive data can be quickly reviewed and marked as acceptable, even if open access remains.

  • Bulk Review: Multiple files or folders can be selected and reviewed simultaneously.

Purpose and Utility

  • Provides a centralised overview of folder and file access across the organisation.

  • Prioritises items for review based on sensitivity and inheritance status.

  • Streamlines governance through automated and manual review workflows.

  • Improves efficiency and compliance, reducing the risk of sensitive data exposure.

PreviousAccess Governance at a Data Source LevelNextAccess Review

Last updated