Guest access: How to audit which user added whom to which document?

Hello,

After having downloaded a User Type Report, i discovered, with some alarm, that 3 individuals from a competitor have guest access to one asset in our Smartsheet instance.

Questions:

How can i find out which access they have access to?

How can i find out which user granted them access?

How can i monitor or block the user's ability to add guests outside our organization?

Thank you,

Karl

Answers

  • jmyzk_cloudsmart_jp
    jmyzk_cloudsmart_jp ✭✭✭✭✭✭

    Hi @Karl Trepanier

    • Identifying the Asset and Access:
      • If you have already identified the asset (likely a sheet, report, or dashboard), he can use the Activity Log in Smartsheet. The Activity Log provides detailed records of who has accessed the sheet, made changes, or granted sharing permissions.
      • Navigate to the asset, open the Activity Log (available in the sheet options), and look for entries where access was shared or modified. This will reveal:
        • Who shared the asset?
        • The email address of the person granted access.
    • Monitoring or Blocking Guest Access:
      • To prevent users from sharing assets with individuals outside the organization:
        • Enterprise Plan Sharing Restrictions: Admins of enterprise accounts can enable domain-based sharing restrictions. This ensures that only users within specific allowed domains (e.g., your company domain) can be shared with.
        • Admins can configure these settings in the Admin Center under the Domain Whitelisting or Sharing Restrictions options.

  • jmyzk_cloudsmart_jp
    jmyzk_cloudsmart_jp ✭✭✭✭✭✭
    edited 12/07/24

    For example, in the image below, the activity log shows that I, jmyazki gave "Editor - can share" permission to "free@cloudsmart.jp".

  • Hi Jmyzk,

    Thank you for chiming in. I am still on the first question though: how to identify the asset these users had access to?

    Activity log will be a great help and will answer my 2nd question once i have the asset identified.

    From further research, Safe sharing will block sharing outside a list of "safe" email domains.

    Any insights on identifying the asset will be greatly appreciated!

    Thank you