SphereShield for SharePoint and OneDrive - How It works

Owned by Agat Support
Last updated: Mar 31, 2024 by Yoav Crombie
2 min read

Overview

The SharePoint Governance allows setting the users who are allowed to be members of SharePoint sites. The menu displays a list of all sites, and for each site, you can choose one of the following:

image-20240325-134901.png

  • None: nothing was set yet for this site

  • Ignore: Do not check members

  • Allowed Groups: a list of AD groups whose members can join the site, supporting nested groups*.

*When someone is added to a Site/File, SphereShield will check if they are in a group defined as an Allowed Group or if their parent group (one generation up) is in the Allowed Groups. If their Group or Parent group is in the Allowed Groups, they will be able to join the Site or folder/file; otherwise, they will be blocked (in Proxy mode) or removed (in Adapter mode).

Proxy mode - Blocking a user from being added to a site in SharePoint - Example:

Imagine Alice, who is a Manager, wants to add Bob, who is an Employee, to a site that is for Managers Only.

The Admin set this site to allow only users that are in the “Managers” active directory group.

image-20240325-144507.png

Alice will try to add Bob to the site by going to this SharePoint site → Clicking on Settings → Site permissions

And then click “Add members” → Share site only

And finally, try to add Bob - SphereShield will block her action.

CASB Adapter Mode - removing the user after they were added.

The CASB Adapter mode works similarly to the Proxy mode, the only difference being that instead of blocking the user from being added at all, the user is removed after a few minutes.