Jump to content
  • 0

OneDrive for business security question


mackinac

Question

Hello

 

I have discovered Covecube and so far am very impressed. I want to use CloudDrive to mount a drive on my onedrive for business account to be used with DrivePool for duplication of folders, but before I do so I would like to know the details of permissions I am granting to the CloudDrive API. I have an E3 plan from work and I'd like to use it as a place to duplicate files via drivepool for backup purposes.

 

When I create the Onedrive for Business drive, i am presented with a security permissions page from microsoftonline.com that lists these permissions being granted:

 

StableBit CloudDrive needs permission to:
Read items in all site collections  Allows the app to read documents and list items in all site collections on your behalf.
Read and write items in all site collections  Allows the app to create, read, update, and delete documents and list items in all site collections on your behalf.
Read and write items and lists in all site collections  Allows the app to read, create, update, and delete document libraries and lists in all site collections on your behalf.
Read your files  Allows the app to read your files.
Read and write your files  Allows the app to read, create, update, and delete your files.
Sign you in and read your profile  Allows you to sign in to the app with your work account and let the app read your profile. It also allows the app to read basic company information.

 



I am concerned about authorizing this because it seems to infer it would be able to "read items in all site collections" which would infer I am granting permissions for cloud drive to access, via api, all of the sharepoint collections my account has access to. Obviously, I want to limit the access cloud drive has to just my one drive, or collection where my one drive exists.
 
Is it possible to get a more thorough description of how cloud drive works with one drive for business and what it has access to and what it doesnt?
 

 

 

Link to comment
Share on other sites

4 answers to this question

Recommended Posts

  • 0

Well, I believe that the required permissions is mostly due to the way that CloudDrive Works, and that without it, it can cause some issues uploading.

 

 

that said, the software doesn't read the existing data on the provider.  It creates and uses a "StableBit CloudDrive" folder, and stores the raw disk data from the CloudDrive disks there.   

 

It doesn't access or modify anything outside of this folder. 

 

 

Otherwise, let me flag this for Alex (the Developer) for clarification. 

https://stablebit.com/Admin/IssueAnalysis/27662

Link to comment
Share on other sites

  • 0

Thank you Christopher for the response. I agree with you, chances are the software doesn't do or access anything outside of what it needs to, but if I am granting permissions to an app that CAN, that's all it takes to violate fundamental information security principles.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...