上QQ阅读APP看书,第一时间看更新
Control datastore browser access
Data store browsing is provided by different roles, but it is mainly provided by the Datastore.Browse privilege. It can be dangerous, because users with this privilege can view, delete, copy, upload, or download files directly from data stores.
Be sure to assign this privilege only to users or groups that really need it, in order to follow the minimum privilege principle.
VM file encryption (see Objective 1.4) can help to minimize some risks in data confidentiality if a user can browse the data store.