Replace direct permissions with group memberships

<< Display table of contents >>

Navigation:  Start > Using 8MAN - The Services > Threat & Gap Management > +8MATE Clean! >

Replace direct permissions with group memberships

Background / Value

Direct permissions are inefficient because users need to be managed individually. They should be avoided and replaced with group permissions. 8MATE Clean! identifies all direct permissions on you file servers and turns them into group memberships.


This has the following advantages:

Direct permissions cause unresolved SIDs wehen user accounts are deleted. These can then be used by other users to gain unauthorized access to sensitive data. Direct permissions also increase the length of the ACL on your file server and consequently the time needed to verify whether a user will get access to the requested resource.


Alternative services:

If access should be removed for accounts with direct access, then we recommend deleting all direct permissions.


8MATE Clean! Handbook: Deleting direct permissions


8MATE Clean! is managed and operated by our experienced System Engineers.

Contact us for more information: