
Automating access to SharePoint: how to ease the administrator's work and establish control over the distribution of rights

SharePoint portals are increasingly used across entire organizations. SharePoint serves not only as a tool for collaboration and document editing, but also as a data store that often takes over the role of a file server.

Providing access to SharePoint resources is often a rather laborious process that falls entirely on the shoulders of SharePoint administrators. How well it is controlled depends on how it is regulated, and the criteria by which a particular user is granted access are not always obvious.
Varonis DataPrivilege helps automate this process, relieving administrators of the work of granting access while keeping that process fully under control.

Imagine the following situation. A user tries to open a page on a SharePoint site and sees the standard access denied page, which appears when the user has no access. The administrator is then notified that a certain user is requesting access to the resource, and either grants or refuses it.

With Varonis DataPrivilege in place, the access request goes directly to the person who is the "owner" of the resource, for example the person who uses it most often or is responsible for it. Moreover, the user can request perpetual access, and the person who authorizes the request can set an end date for it, after which the system automatically revokes the access. The authorizer can also “trim” the rights themselves if they believe the level of access requested is too high for the user's official duties. Similarly, a user can request membership in SharePoint groups or AD groups. The request and approval mechanism is identical.

For users, the main convenience is that an access request can be redirected automatically from the portal page they cannot access to the Varonis DataPrivilege web interface, with the username and resource name fields already filled in. The user only has to state the reason access is needed, the level of access, and the period for which access can be granted. The request is then sent for approval, and the user can see the entire authorization chain and later receives email notifications as the request progresses. In addition, the system has an interface in Russian and is quite simple to use: it is very hard for an end user to get lost in it.

Also worth noting is the ability to create different access authorization chains. You can not only send all access requests automatically to the nominal “owner” of the resource, but also bring others into the process, for example information security officers when certain resources contain confidential information. The system also lets you create automatic authorization rules, under which requests from certain groups of users for access to certain resources are approved or rejected automatically. In addition, DataPrivilege can signal which SharePoint resources had access granted in a way that bypassed DataPrivilege itself. All this makes it possible to establish clear control over the procedure for granting access to SharePoint resources and to delimit access so that users who, by virtue of their official duties, should not have access to certain resources will not have it.

Thus, it can be argued that Varonis DataPrivilege can significantly relieve SharePoint administrators of handling access issues. It also lets you build a controlled process for distributing rights to resources and adding users to groups, which reduces the risk of excessive access, or of access that a user should not have given their official duties. All of the above also applies to file servers.


Source: https://habr.com/ru/post/276561/

