File Exposure
File Exposure
Here is a list of special handling of file exposure.
Organization-wide Exposure
An organization-wide exposure of a resource indicates that a permission or link (either directly applied or inherited) permits any user with an account in the organization’s SaaS app instance to access the resource. For instance, SharePoint Online and OneDrive for Business enable resources to be shared with “People in <Your Organization>” (ref).
When specified in a policy, organization-wide exposure matches a resource if it has (or inherits) a permission or a sharing link that targets the entire organization.
Unknown Exposure
Unknown (i.e UNSPECIFIED) exposure means that Netskope does not have sufficient information to determine who can access the resource. For example:
-
A permission or sharing link gives access to a user that Netskope has no knowledge of (this generally means that provisioning is not complete, or the user was recently created).
-
A permission or sharing link gives access to a group that references a user Netskope has no knowledge of.
-
Exception: If Netskope has partial permission information indicating that a resource is publicly or externally accessible it will not be marked as Unknown.
Policy matching remains unaffected by the unknown exposure state in cases where there are no exposure-related criteria.
When exposure related criteria are specified (see Internal/External criteria in the screenshot above), resources with unknown criteria will not match. This is because the entity’s exposure cannot be determined based on the information available. If Netskope has partial access information indicating that a resource is external or public, it will not be treated as unknown, it will be treated as external or public for policy evaluation.