BLS offer the following
By generating ownership reports, you can identify the owners of every file on your network and then by consulting with these owners, determine if files are still relevant, if they should be moved to a more secure location, deleted, or archived.
Report assigned and effective file system user permissions for all folders and subfolders from a specified file system path. Furthermore, you can identify all users that have any type of access permissions to a specified network folder, as well as all of the network folders that a specified user can access.
Automate Active Directory group memberships in real-time through Active Directory enacted policies. Add users to or delete users from groups according to the definitions of the group specific policy.
Create Security Notification policies assigned to specific high-risk or high-value targets on your network so that you are notified when any access permissions to that target are changed.