[Owasp-leaders] Confidentiality in SharePoint

Theo Sagoe theodore.sagoe at owasp.org
Wed Apr 18 07:23:43 UTC 2018


Hello Dhruv,

The intention is to use SharePoint to manage all documents and other
corporate content.

Exactly, that is the issue - when permissions are not maintained properly
and users forget to revoke permissions.
How can I then assure my client there is complete secrecy?

Also, using a scenario where a user mistakenly shares a document/content
with another user?
The client needs assurances that such a situation will not compromise
confidentiality of the document.

Thanks, Theo.

On Wed, Apr 18, 2018 at 6:48 AM, Dhruv Jain <dhruv.jain at owasp.org> wrote:

> Hi,
>
> Confidentiality can be maintained by using permissions of sharepoint which
> are quite good on their own. Permissions need to be maintained properly as
> many times, we have seen users forgetting to revoke permissions. For this
> reason, group based permission is preferred.
>
> Regards,
> Dhruv Jain
>
> On 18-Apr-2018, at 12:12 PM, Theo Sagoe <theodore.sagoe at owasp.org> wrote:
>
> Hello everyone and greetings from Ghana.
>
> I am implementing an instance of SharePoint 2013, however it has come up
> that confidentiality is a requirement.
>
> Please does SharePoint provide confidentiality out of the box by default?
>
> Thank you in advance for your assistance.
>
> Regards, Theo.
>
>
> --
> Theo Sagoe
> OWASP Ghana
>
> Email: theodore.sagoe at owasp.org
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Theo Sagoe
OWASP Ghana

Email: theodore.sagoe at owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180418/456e96b5/attachment-0001.html>


More information about the OWASP-Leaders mailing list