Cut the Clutter: Test Ignore Files Feature - sign up to become a beta tester here.
Forum Discussion
How can I generate an audit report including who has access to our files?
I've noticed a file here and a file there where someone has granted access to someone outside our company.
I need to generate an audir report of these access grants to make sure we don't have any security issues.
How can I do this?
7 Replies
Replies have been turned off for this discussion
- Mark
Super User II
I dont think you can.
Shared links are viewable by anybody, at all. There is no security authentication on them when people go to view them unless a password has been set (and even then anybody can use the password if they have it).
https://www.dropbox.com/help/files-folders/view-only-access
The following may also help:
https://www.dropbox.com/help/business/team-sharing
https://www.dropbox.com/help/business/share-outside-team I can see the sharing that's been set on individual files and folder, but what I need is an overall report of who can access which files. I'm not sure how to demostrate or prove to an auditor that we have access of information under any control at all in Dropbox.
Maybe OneDrive wasn't so bad.
Oh, yes, it was.
- MarkYou cant do what you want I'm afraid because there is no way of knowing who is accessing (or has accessed) those files. Thats because, as I said, they are just a 'web link' that anybody at all can access - there is no authentication or ID appended to the links to know who is accessing what/when.
Let me try again. I want to know which users have been granted access to files. I don't care if they have accessed them in the past. I care about whether they can access them now or in the future. Who has access to which data is the question.
The dropbox UI I've seen does not seem to provide a way to do this which suprises me because it seems like such a necessary part of any security/privacy audit. I'm hoping I just haven't looked hard enogh or I missed some key point. I'd hate to have to move all my company's data off dropbox because I can't provide the audit data needed.
I'm not willing to look through all of the individual files. I need a report of some sort that will provide this information.
- Walter
Dropbox Community Moderator
I'm not sure if this helps (as I don't know the exact plan you're on) but have you tried going to your Admin's Console and then on the Activity Tab from the left pane MikeAtInSpeed? More info on how to create an activity report can be found here .
Let me know if this helps!
- MarkThe issue is Mike as I have said - that information is NOT available if they are not within your own company.
As I have said "there is no way of knowing who is accessing (or has accessed) those files. Thats because, they are just a 'web link' that anybody at all can access - there is no authentication or ID appended to the links to know who is accessing what/when".
The data listed by Walter shows WHAT files are shared but not WITH WHOM. Because that bit is not available. Its not stored. Its not recorded. I have your exact same question/challenge.
