We’re installing Microsoft Sharepoint as the new company portal. Part of their functionality is to index and allow people to search across file shares. This had some unintended consequences.
Our department share is open to access to all in the department. Some people forget about that when posting data. Normally this isn’t a problem, because who has the time to go snooping around. Now with an indexed search an innocent search for one thing could uncover access to a tempting file name and description. Better to keep that temptation far away and restrict access to sensitive permissions.
There are also ACL misconfigurations. For a while object owners were able to change permissions. This mean that our intended permission structure was being undercut. Sometimes subfolders suddenly have the everyone permission. Normally a user would never even know they could access a folder several layers deep like that, but with the Sharepoint indexed search all is found.
Sometimes a large amount of data is migrated from another server preserving NTFS permissions. This brings another administrators mistakes into our NTFS permission scheme. Same problem with the search.
And of course we make mistakes ourselves. Sometimes we’re pressured into a stupid permission structure that doesn’t match the default scheme. Other times it might be just a typo.
These things need to be resolved. I just wish we’d been able to do it on our own timetable. The good news is most of the “everyone” permissions are being removed.