主权项 |
1. A method comprising:
detecting a file system operation targeting data on a shared storage device, wherein the file system operation creates or modifies the data or a set of permissions associated with the data; in response to the detecting, comparing the set of permissions associated with the data to a set of appropriate permissions, wherein the set of appropriate permissions restricts unauthorized access to the data, if the set of permissions associated with the data is less restrictive than the set of appropriate permissions, the set of appropriate permissions is violated, and when the detecting and the comparing are performed, the set of permissions associated with the data does not restrict unauthorized access to the data; in response to the comparing, preventing unauthorized access to the data, wherein the preventing begins after the detecting and before any subsequent read access to the data, the preventing comprises generating an error message in response to detecting that the set of permissions associated with the data is more permissive than the set of appropriate permissions, the set of appropriate permissions was determined by a data loss prevention (DLP) processor, and the error message indicates that the set of appropriate permissions proposed by the DLP processor can be accepted, the file system operation can be retried, or the set of permissions associated with the data can be overridden. |