Excessive permissions 

Actonix provides a unified lens across your NTFS File Servers, Active Directory Groups, and SharePoint/OneDrive environments. We don't just show you who has access; we show you who is using it—and who is abusing it.

​

🔍 1. Visibility: The "Who, What, and How"

​

Most IT teams struggle with "Nested Group" hell—where a user is in a group, that’s in a group, that has access to a sensitive share. Actonix flattens this complexity.

​

• Effective Permissions Calculation: Instantly see the actual rights a user has on a folder, accounting for all inherited, nested, and conflicting permissions.

• The "Everyone" Exposure Map: Identify every sensitive folder or resource that is currently accessible to "Everyone," "Authenticated Users," or "Domain Users."

• Shadow Admin Discovery: Find non-admin users who have been granted specific "Full Control" rights over Active Directory OUs or sensitive GPOs.

​

⚖️ 2. Management: Intelligent Rightsizing

​

Actonix doesn't just find the mess; it provides the tools to clean it up without breaking business workflows.

​

• Biometric-Backed Approvals: Integrate Actonix Passwordless MFA into the permission request workflow. If a user needs temporary access to a folder, they verify their identity via biometrics before access is granted.

• Just-In-Time (JIT) Access: Move away from permanent permissions. Grant "Project-Based" access that automatically expires after a set period, preventing "stale" permissions from accumulating.

• Automated Group Membership Cleanup: Identify users who haven't accessed a specific resource in 90 days and automatically suggest their removal from the associated AD groups.

​

🛡️ 3. Protection: Preventing Re-Infection

​

Permission management is a continuous process, not a one-time project.

​

• Unauthorized Change Rollback: If a technician manually adds a user to the "Domain Admins" or "Finance" group outside of your approved workflow, Actonix detects the change and can automatically revert it.

• Permission Drift Alerts: Receive instant alerts via Email or SMS when permissions on "Crown Jewel" folders are modified.

• MITRE ATT&CK Mapping: Visualize how excessive permissions contribute to specific attack techniques like TA0008 (Lateral Movement) or T1078 (Valid Accounts).

​

📊 4. Compliance: DPDP & Audit Readiness

​

The Digital Personal Data Protection (DPDP) Act requires strict "Purpose Limitation."

​

• Access Certification Reports: Automatically generate reports for department heads to "Certify" that their team members still require the access they currently have.

• High-Scale Audit Trails: Using the Trino/Iceberg Data Lake, search years of permission change history in seconds to prove to auditors that your data was protected by "Reasonable Security Safeguards."