Managing access to shares and servers is a core objective of identity and access management (IAM). POPIA mandates that all processing of personal information pertaining to citizens of South Africa should be done lawfully and the processing organization will be accountable for mismanagement of such information. Hence, the access permissions to servers and shares containing PII should be constantly monitored and managed regularly to comply with the POPI Act and also prevent breaches by privilege abuse. ADManager Plus' file server management capabilities help you efficiently manage access permissions manually and automatically,
File server management option
Navigate to Management> File Server Management > Permission management
Click Modify NTFS permissions. Select the folders and the accounts you wish to modify the permissions for.
Select the required permission settings for inheritance of permissions as well.
Click Save.
Automated time-based access to folders and shares
Navigate to Automation tab > Automation Policy > Create New Automation Policy and configure the following settings.
Automation Policy Name and Description - Enter a suitable name and description for the automation policy.
Automation Category - Choose User Management.
Domain - Choose the domain and OUs where the task should be run in.
Instant Task - From the drop down list, select the 'Add to Group' and choose the security group to which the user needs to be added to.
Successive Task - Select the time period after which you want the permission to be revoked. Select 'Remove from Group' from the drop drown list. Add the Groups from which you would like the user to be removed from.
Click Save.
Now, Navigate to Automation tab > Automation > Create New Automation and configure the following settings.
Automation Name and Description - Enter a suitable name and description for the automation process.
Automation Category - Choose User Management.
Domain - Choose the domain and OUs where the task should be run in.
Automation Task/Policy - From the 'Automation policy' list, select the automation policy created earlier.
Location of CSV - Choose the location of your CSV file which contains the list of users for whom the access permissions are to be modified.
Select the Execution time and Frequency at which you want the time bound access permissions to be granted.
Enable the Notification option if you wish to notify the technician every time the automation gets executed.
Click Save.
In case you missed out, check out the earlier posts in this series on tracking access and permission to data in your organization and establishing organization wide policies for access and permission management, in order to be compliant with POPIA.
Tune in next week for an interesting hack on periodic cleanup of stale user accounts and related user information to align with POPIA compliance requirements!
Cheers,