Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

What About Individual Users on ACL's?

One question I received in response to our recent post about aligning windows security groups and automating entitlement reviews was, “If you’re using single-purpose security groups and managing them automatically...
David Gibson
1 min read
Published August 20, 2011
Last updated June 23, 2022

One question I received in response to our recent post about aligning windows security groups and automating entitlement reviews was, “If you’re using single-purpose security groups and managing them automatically with an automated solution like DataPrivilege®, why use groups at all? Why not just assign users directly to the ACL?” That’s a great question (even though the idea may seem like heresy in the windows world).

There’s also a great answer: Applying NTFS permissions takes a very long time when you have to write the ACL’s (access control lists) on a large number of subfolders and files—sometimes it can take hours or even days with a large directory structure. Therefore, for now at least, we seem to be better off using groups and relatively static ACL’s to minimize the number of times permissions have to be applied to individual files and folders. In contrast, moving users into and out of groups is relatively quick, though replication can take a while, and users often have to log out and log back into AD for changes to take effect.

Some organizations have opted for a different approach that goes against what has become accepted as best practice—using Windows share permissions instead of NTFS permissions. I’ll discuss the pros and cons of this technique next time.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

introducing-automated-posture-management:-fix-cloud-security-risks-with-one-click
Introducing Automated Posture Management: Fix Cloud Security Risks with One-Click
Varonis launches Automated Posture Management to effortlessly fix cloud Security risks with a simple click of a button
what's-new-in-varonis:-may-2023
What's New in Varonis: May 2023
Check out the new features that help security teams automatically enforce least privilege and uniformly apply sensitivity labels across their hybrid cloud and on-prem environments.
what-is-sspm?-overview-+-guide-to-saas-security-posture-management
What is SSPM? Overview + Guide to SaaS Security Posture Management
SaaS security posture management (SSPM) is an automated solution that helps bolster the protection of all SaaS applications used by organizations.
varonis-opens-australia-data-centre-to-support-saas-customers
Varonis Opens Australia Data Centre to Support SaaS Customers
Australian expansion allows Varonis customers to achieve automated data security outcomes while following national standards for data privacy.