Veritas Data Insight Administrator's Guide
- Section I. Getting started
- Introduction to Veritas Data Insight administration
- Configuring Data Insight global settings
- Overview of Data Insight licensing
- About scanning and event monitoring
- About filtering certain accounts, IP addresses, and paths
- About archiving data
- About Data Insight integration with Symantec Data Loss Prevention (DLP)
- Configuring advanced analytics
- About open shares
- About bulk assignment of custodians
- Section II. Configuring Data Insight
- Configuring Data Insight product users
- Configuring Data Insight product servers
- About node templates
- About automated alerts for patches and upgrades
- Configuring saved credentials
- Configuring directory service domains
- Configuring containers
- Section III. Configuring native file systems in Data Insight
- Configuring NetApp file server monitoring
- Configuring clustered NetApp file server monitoring
- About configuring secure communication between Data Insight and cluster-mode NetApp devices
- Configuring EMC Celerra or VNX monitoring
- Configuring EMC Isilon monitoring
- Configuring EMC Unity VSA file servers
- Configuring Hitachi NAS file server monitoring
- Configuring Windows File Server monitoring
- Configuring Veritas File System (VxFS) file server monitoring
- Configuring monitoring of a generic device
- Managing file servers
- Adding filers
- Adding shares
- Renaming storage devices
- Configuring NetApp file server monitoring
- Section IV. Configuring SharePoint data sources
- Configuring monitoring of SharePoint web applications
- About the Data Insight web service for SharePoint
- Adding web applications
- Adding site collections
- Configuring monitoring of SharePoint Online accounts
- About SharePoint Online account monitoring
- Adding SharePoint Online accounts
- Adding site collections to SharePoint Online accounts
- Configuring monitoring of SharePoint web applications
- Section V. Configuring cloud data sources
- Section VI. Configuring ECM data sources
- Section VII. Health and monitoring
- Section VIII. Alerts and policies
- Section IX. Remediation
- Section X. Reference
- Appendix A. Backing up and restoring data
- Appendix B. Data Insight health checks
- Appendix C. Command File Reference
- Appendix D. Data Insight jobs
- Appendix E. Troubleshooting
- Troubleshooting FPolicy issues on NetApp devices
About open shares
A share is considered to be open due to the permissions assigned on it. You can define the parameters that determine whether a share should be considered as open. However, the open share policy does not allow you to define specific permissions that render a share open.
One of the following parameters determine whether a share is open:
If certain group has access to a share, either directly or as a nested group.
If more than a certain number of users have access to the share.
Additionally, you can also specify granular criteria for examination, such as:
The level at which Data Insight should start examining the paths.
The number of levels deep to examine the path permissions.
For example, you can define the following criteria to consider a share to be open:
List of groups: Domain Users or Everyone.
No of users who have access to the share: 500.
Level to start examining permissions: 1.
Depth to examine: 3.
According to the above specification, any share that is accessed by the Domain Users/Everyone group or by more than 500 users is considered to be open. For this purpose, the ACLs are examined from level 1 (root being level 0), and all folders three levels down are examined.
Defining an open share policy helps you to review the permissions assigned at share level and revisit entitlement decisions. You can view the details of the open shares, the size of the data in open shares, and the number of files in open shares on the Dashboard tab on the Management Console.
Note:
Data Insight does not fetch permissions for SharePoint Online, Microsoft OneDrive, and Documentum data sources. Thus, reporting of open shares on these data sources is not supported.