Jump to content
Covecube Inc.
  • Announcements

    • Christopher (Drashna)

      Login issues   11/07/17

      If you have issues with logging in, make sure you use your display name and not the "username" or email.  Or head here for more info.   http://community.covecube.com/index.php?/topic/3252-login-issues/  
    • Christopher (Drashna)

      Getting Help   11/07/17

      If you're experiencing problems with the software, the best way to get ahold of us is to head to https://stablebit.com/Contact, especially if this is a licensing issue.    Issues submitted there are checked first, and handled more aggressively. So, especially if the problem is urgent, please head over there first. 
  • 0
mackinac

OneDrive for business security question

Question

Hello

 

I have discovered Covecube and so far am very impressed. I want to use CloudDrive to mount a drive on my onedrive for business account to be used with DrivePool for duplication of folders, but before I do so I would like to know the details of permissions I am granting to the CloudDrive API. I have an E3 plan from work and I'd like to use it as a place to duplicate files via drivepool for backup purposes.

 

When I create the Onedrive for Business drive, i am presented with a security permissions page from microsoftonline.com that lists these permissions being granted:

 

StableBit CloudDrive needs permission to:
Read items in all site collections  Allows the app to read documents and list items in all site collections on your behalf.
Read and write items in all site collections  Allows the app to create, read, update, and delete documents and list items in all site collections on your behalf.
Read and write items and lists in all site collections  Allows the app to read, create, update, and delete document libraries and lists in all site collections on your behalf.
Read your files  Allows the app to read your files.
Read and write your files  Allows the app to read, create, update, and delete your files.
Sign you in and read your profile  Allows you to sign in to the app with your work account and let the app read your profile. It also allows the app to read basic company information.

 



I am concerned about authorizing this because it seems to infer it would be able to "read items in all site collections" which would infer I am granting permissions for cloud drive to access, via api, all of the sharepoint collections my account has access to. Obviously, I want to limit the access cloud drive has to just my one drive, or collection where my one drive exists.
 
Is it possible to get a more thorough description of how cloud drive works with one drive for business and what it has access to and what it doesnt?
 

 

 

Share this post


Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0

Well, I believe that the required permissions is mostly due to the way that CloudDrive Works, and that without it, it can cause some issues uploading.

 

 

that said, the software doesn't read the existing data on the provider.  It creates and uses a "StableBit CloudDrive" folder, and stores the raw disk data from the CloudDrive disks there.   

 

It doesn't access or modify anything outside of this folder. 

 

 

Otherwise, let me flag this for Alex (the Developer) for clarification. 

https://stablebit.com/Admin/IssueAnalysis/27662

Share this post


Link to post
Share on other sites
  • 0

Thank you Christopher for the response. I agree with you, chances are the software doesn't do or access anything outside of what it needs to, but if I am granting permissions to an app that CAN, that's all it takes to violate fundamental information security principles.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×