Skip to a section: Required responsibilities | Review folder security | Set user access | Find help and resources
Available to
Piratedrive folder administrators
Required responsibilities
Each department’s Piratedrive folder should have a primary administrator and a backup administrator.
Piratedrive administrators are required to:
- Plan the folder structure.
- Maintain documentation of folder administration.
- Grant and remove user access on as-needed basis. Choose level of access for users (only administrators should have full control).
- Review and modify user access on as-needed basis (at least twice annually).
- Obtain permissions to store sensitive data from the appropriate Data Governance contact/owner.
- Notify ITCS if your role changes and you are no longer a folder administrator.
Review folder security
Remove a user’s access as soon as the user retires, resigns, transfers, is terminated or no longer requires access.
Review folder security twice annually. For auditing purposes, IT Security provides an Excel spreadsheet of folder permissions every six months. Review the permissions, make any necessary security changes, and document when the review/changes occurred. It may also be helpful to document permissions for any folders where non-departmental users have access. Download the Security Review Log template from this page.
Set user access
Consider a user’s role and grant the LEAST level of access required — not everyone needs access to everything!
NTFS File Permission |
Allowed Access |
Read |
View files, folders and subfolders. Also allows viewing folder ownership, permissions and folder attributes. |
Write |
Create new files and folders within the parent folder, view folder ownership and permissions and change the folder attributes. |
List Folder Contents |
View the files and subfolders contained within the folder. |
Read & Execute |
Navigate through all files and subfolders and perform all actions allowed by the Read and List Folder Contents permissions. |
Modify |
Delete the folder and perform all activities included in the Write and Read & Execute NTFS folder permissions. |
Full Control |
Change permissions on the folder, take ownership and perform all activities included in all other permissions. |
Consider:
- Permission updates must be made from a Windows computer only.
- Consider creating a folder for each user to store their own documents.
- Reserve some subfolders for specific types of data and only grant access to authorized users. Data such as SSN and HIPAA should be limited to specific users.
- When adding user permissions, grant the user only the access required. ITCS recommends two basic permissions types:
- Read-only: This allows the user to open files, save them locally, but not make any changes.
- Modify: This allows the user full read/write access.
- Full Control permissions are for the folder administrator/backup administrator. Avoid giving this access to others as it allows them to change permissions. Do not remove permissions for INTRA\domain admins or PIRATEDRIVE\administrators. These groups are required for proper function, maintenance and audit compliance.
- Avoid adding permissions for large, built-in groups like Everyone, Domain Users or Authenticated Users, as this allows anyone at ECU access to your data. It is a security violation to allow unauthorized persons access to your data.
Find help and resources
- For more information on IT Security best practices, resources, and compliance, visit the ECU IT Security website.
- Information on HIPAA privacy and security can be found at HIPAA website.
- Further information on sensitive information is found on the Data Governance website.
- Folder administrators can always contact the IT Service Desk 252-328-9866 for assistance.