I have a folder (Folder B) that I am trying to ensure is restricted to authorised employees only. I’ve been given a screenshot of the folders ACL which shows only a handful of individually listed employees. I am not on this list but I am able to access the folder.
Looking at the ACL for the folder above (Folder A) this contains the ‘Everyone’ group with Read and Modify permissions for this folder and subfolders.
Can I just confirm that because the Everyone group has permissions listed in Folder A including subfolders, it can fully access Folder B despite it not being explicitly listed in the ACL for Folder B?
If this is the case how can I determine how many user accounts are within the Everyone group, just so I can put this into perspective for management? i.e. Folder B containing sensitive data can potentially be accessed by 8000 employees because of the permission granted to the Everyone Group in Folder A? Also is there a way to determine if anonymous users are part of the Everyone group? I’ve read that at around 2008 this was removed from the group but I would like to clarify this.