When looking at file access, the granularity of access is a powerful tool to consider. Unix allowed a numbering system based on three sets of users – the file owner, the group(s) they were in and everyone. 666 was the sign of the devil! Here’s why.
Windows servers (and probably Linux and probably everyone else’s) extend these offerings to allow much finer control.
Here are some ideas:
Sector applications – only allow the sector staff to access the areas where the data is kept. Block all access to other users (that’s a 660 above – accounts department can access Sage data with Sage programme).
Policy documents – a small team create and edit these, everyone can see them. Possibly a 664 above.
Personnel documents – very strict controls. Possibly a 600 above, or at most 640.
In general – only allow access when essential. Only allow access to ‘program specific’ data to users who have the application that can read the data. Notepad can cause havoc to some index files for some applications.
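The octal modes suggested above can be checked mechanically. This is an added example, not part of the original post: it treats 660, 664 and 640 as ceilings for the three categories and reports any file that grants permission bits beyond its ceiling. The directory names, file names and sample tree are constructed for illustration.

```python
import os, stat, tempfile

# Ceilings from the page's three categories; directory names are constructed.
POLICY = {"sector": 0o660, "policy": 0o664, "personnel": 0o640}

def describe(mode):
    """Render an octal mode as an rwx string, e.g. 0o640 -> 'rw-r-----'."""
    return stat.filemode(stat.S_IFREG | mode)[1:]

def excess_bits(mode, ceiling):
    """Permission bits granted by mode that the ceiling does not allow."""
    return mode & ~ceiling & 0o777

def audit(root, policy=POLICY):
    """Return sorted (relative path, mode, excess bits) for files over their ceiling."""
    findings = []
    for category, ceiling in policy.items():
        for dirpath, _dirs, files in os.walk(os.path.join(root, category)):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path):  # a symlink's own mode is not meaningful
                    continue
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                extra = excess_bits(mode, ceiling)
                if extra:
                    findings.append((os.path.relpath(path, root), mode, extra))
    return sorted(findings)

def demo():
    """Build a constructed tree containing two deliberate mistakes and audit it."""
    samples = {  # constructed sample files and modes
        "sector/ledger.dat": 0o660,
        "sector/index.idx": 0o666,      # world read/write: the "666" case
        "policy/handbook.txt": 0o664,
        "personnel/review.txt": 0o600,
        "personnel/salary.txt": 0o644,  # readable by everyone
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    for path, mode, extra in demo():
        print(f"{path}: {mode:03o} ({describe(mode)}) exceeds policy by {extra:03o} ({describe(extra)})")
```

Pointing `audit()` at a real share root with a matching `POLICY` mapping gives the same report for live data.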

