Apply
Apply
  1. U of R Home
  2. Information Services
  3. Tech Notes
  4. Monthly Folder Permissions Report Review Procedures

Monthly Folder Permissions Report Review Procedures

Computing Services

Technote #642

Title: Monthly Folder Permissions Report Review Procedures
Applies to: UofR Directory Managers 
Section: File & Deployment
Owner: Manager, File & Deployment Services
 
Last updated: March 31, 2026

Purpose 
The Monthly Permissions Excel Report is used to verify who has access to a directory and its subfolders, and to identify changes that must be made to ensure access matches current job responsibilities. The Directory Manager is the decisionowner for who should and should not have access.  

Instructions: 

  1. Which Sheet You Must Review (Every Month)
Review and approve the THIRD worksheet in the Excel file. 
  • This is the main permissions review sheet 
  • All other sheets are reference/helper tabs (users, roles, groups)  

Official approval of the sheet is required once a year (in October). 
You do not need to approve the other tabs. 

  1. Understanding Folder Access Logic (Critical)

Parent vs. Subfolder Access 

  • Access to a folder grants access to EVERYTHING below it, unless a private folder exists. The Second worksheet lists all private folders.  
  • If no private folders exist, anyone with access to a parent folder automatically sees:  
    • All subfolders 
    • All files in subfolders 
  • A private folder does NOT inherit permissions from the parent folder 
  • Only users explicitly assigned to a private folder can see it 
  • Permissions assigned directly to a private folder are inherited automatically to private folder sub-folders.  
  • Private folders can be requested if confidential material needs to be restricted  
  1. Types of Access You Will See
Direct User Access 
  • A person is listed by name 
  • Access applies exactly as shown 
Role or Group Access 
  • Access is granted through a role or group 
  • All members of that role/group inherit the access  
  • Roles are preferred for continuity when staff change 

⚠️ If a person has both direct access and group access to the same folder, one of them may be unnecessary.

  1. What to Look for During Review

Use the main worksheet to identify: 

People who should still have access 
 People who should have reduced access (subfolder only) 
 People who should no longer have access at all 
 Duplicate access (e.g., same person listed multiple times via role + direct access)  
 New hires accidentally given full parentfolder access  
 Folders or materials that are no longer used and can be removed  

If you are unsure why someone has access, that decision belongs to you as Directory Manager—review it based on job requirements 

  1. How to Request Changes (No Separate Tickets)
Do NOT create multiple access tickets 
Instead: 
  1. Highlight the row(s) in the Excel sheet 
  2. Add a clear comment, such as:  
    • “Remove access”
    • “Change to subfolder only” 
    • “Add access for [Name]” 
    • “Remove duplicate – access already granted via role”  
  3. Send the annotated spreadsheet back to IT as instructed All changes can be processed in one pass.  
  1. Common Scenarios (Based on Past Reviews)
  • Staff who changed roles may appear twice (old role + new role) → remove the old one  
  • Users granted access to a parent folder when they only require one subfolder → restrict access  
  • Removing group access will remove access for all members of that group  
 
  1. Monthly Outcome Checklist
By the end of your review: 
  • Access reflects current job needs 
  • No unexplained fullfolder access 
  • No duplicate or legacy access 
  • Notes clearly indicate all required changes  

Key Reminder 

IT executes the changes — the Directory Manager decides what is correct. 
If something looks wrong, document it in the sheet; clarification is expected during review.