You email a shareable link to a financial report to one trusted colleague. They accidentally forward the email to an external contact who now has access to the document. Which access control design decision would have prevented this?
A. Using individual account-based access rather than a link, so only the specified colleague can open it
B. Granting edit permissions instead of read-only, so the colleague could delete the file after reading
C. Sharing via link but adding a password, which prevents forwarding entirely
D. Setting an expiring link, which would have revoked access before the colleague could forward it
A shareable link works for anyone who possesses it — it can be forwarded, posted, or discovered unintentionally. Individual account-based access requires the recipient to be signed into a specific account, so forwarding the link to someone else grants them nothing. Option C is wrong because a password-protected link can still be forwarded along with the password. Option D might limit exposure after the fact but does not prevent unauthorized access at the time of forwarding.
Question 2 Multiple Choice
A contractor needs to review and annotate a draft report but must not be able to change the actual content. Which permission level is most appropriate?
A. Editor/contributor — so they can track changes and suggest edits directly
B. Viewer/read-only — so they can see and download the document
C. Commenter — so they can annotate without altering the content
D. No access — contractors should receive a static PDF copy instead
Comment-only access is exactly the middle tier designed for this scenario: it lets someone annotate and flag issues without altering the actual document. Viewer/read-only (option B) would prevent them from adding annotations at all. Editor access (option A) would let them accidentally overwrite content. This question tests whether students know there are more than two permission levels.
Question 3 True / False
Expiring shared links are a useful security practice because they automatically revoke access after a set time, reducing the risk of forgotten active links.
T. True
F. False
Answer: True
Expiring links are a practical application of the principle of least privilege over time — you grant access for exactly as long as it's needed. Without expiration, a link shared for a one-time review may remain active indefinitely, creating ongoing exposure if the link is later discovered or if the recipient's account is compromised.
Question 4 True / False
A shared document link protected by a strong password is as secure as individual account-based access for sensitive files.
T. True
F. False
Answer: False
A password-protected link can still be forwarded along with the password — the protection travels with the link. Individual account-based access, by contrast, binds access to a verified identity: even if someone receives the link, they cannot access the file unless they are signed into the specific authorized account. For sensitive documents, individual access provides a meaningfully higher security guarantee.
Question 5 Short Answer
What is the 'principle of least privilege,' and how does it apply when deciding what permissions to grant when sharing a file?
Model answer: The principle of least privilege means giving someone exactly the access they need to accomplish their task — nothing more. When sharing a file, this means choosing the minimum permission level required: read-only if they only need to view it, comment-only if they need to annotate, edit only if they need to change the content. It also means preferring individual access over link-based sharing for sensitive documents, and using expiring links when access is only needed temporarily.
The principle of least privilege limits the blast radius when something goes wrong: if a link leaks, an account is compromised, or a collaborator acts carelessly, overly broad permissions amplify the damage. Granting only what is necessary means that compromised or misdirected access cannot do more harm than the task required.