
Who is this article for?

  • Incydr Professional, Enterprise, Horizon, and Gov F2: yes
  • Incydr Basic, Advanced, and Gov F1: yes
  • Instructor: no

Find your product plan in the Code42 console on the Account menu.


View and manage cloud storage file sharing permissions

Overview

The Code42 Box, Google Drive, and Microsoft OneDrive data connections help you identify when a file in those cloud storage environments has been shared with others. When users take risky actions like sharing a file publicly, you can view those sharing permissions to determine how best to resolve unsafe sharing. If you have the correct permissions in Incydr, you can also revoke a file's sharing permissions to secure important data.

Considerations

  • You can view and manage sharing permissions only for files in Box, Google Drive, or OneDrive cloud storage environments that are monitored by a Code42 data connection.

  • For OneDrive and Google Drive, viewing and managing file sharing permissions requires additional OneDrive permissions or Google Drive scopes. To add these new permissions or scopes to these data connections if they don't already exist, deauthorize and resume monitoring the data connection.

  • The data connection's status must be Monitoring in order for you to view and manage its files' sharing permissions.

  • To use this functionality, Incydr users must be assigned specific roles. For more information, see Permissions for Incydr.

View and revoke a cloud storage file's sharing permissions

  1. Sign in to the Code42 console.
  2. Locate the cloud storage sharing event for the file.
    You can access information about file events from many places, such as Forensic Search, Cases, Alerts, the All Users list, and the Risk Exposure dashboard.
  3. Open the event details for that file.
  4. In the Share type row under Event, click either View sharing or View and manage sharing.
    The label on the button varies depending on your permissions in Incydr.
    When you click the button, Code42 opens a new tab, requests that file's list of sharing permissions from the cloud storage vendor, and then displays that list in the new tab. If any errors occur, the tab lists the cause of the error and how to resolve it.
  5. If you have the Insider Risk Admin or Insider Risk Respond role, you can revoke a file's sharing permissions to untrusted or unauthorized users. When you revoke specific sharing permissions, those users lose their access to that file. Select the checkboxes next to the permissions and then click Revoke.
    • You cannot revoke permissions for file owners.
    • Because cloud storage environments often have several methods to share files, a single user may have multiple sharing permissions and can be listed more than once. Select the checkbox next to each entry to fully remove that user's sharing permissions.
    • If any errors occur, the tab lists the permissions that were successfully revoked along with those that failed. For those that failed, try to revoke them again later. See also Troubleshoot errors below for more information.

How sharing permissions are listed

  • Incydr lists the first 50 entries in the file's sharing permissions. If the file is shared with more than 50 users, view the file in the cloud storage or contact your system administrator to identify the file's remaining sharing permissions.
  • Sharing permissions that the file has inherited from its parent folder are not listed.
  • If a file is shared with a user who does not have a Box account, Box invites that user to create an account in order to access the file. These users are shown in the list as "Invited" until they accept the invitation and create an account.

Troubleshoot errors

If your request to view or revoke a cloud storage file's sharing permissions fails, see below for ways to resolve the issue.

Insufficient permissions

  • The cloud storage data connection does not have a status of Monitoring. Resolve any errors with the data connection and try again.
  • The Code42 Google Drive or OneDrive data connection does not have the permissions required to fulfill your request. Deauthorize and resume monitoring the data connection to add the permissions required. For details on the permissions needed, see the following articles:

File not found

  • The file may have been moved or deleted from the environment and cannot be found.
  • Use Forensic Search to identify whether the filename or MD5/SHA256 hash exists on any other monitored devices or cloud storage drives for investigation.

Request denied

The vendor may have throttled the Code42 data connection.

  • Throttling can happen when too many API requests have been made to access information about file activity (such as during initial indexing). In OneDrive, throttling is based on all applications' requests. Requests from the Code42 data connection may be impacted by other applications in your OneDrive account.
  • Verify that the data connection has completed the initial inventory process and that it is not currently discovering files. Try to view the file again later when fewer (or no) requests are being made.

Something went wrong

An unknown error occurred, preventing your request. Return to the event details and try again.
