Veritas Data Insight User's Guide
- Section I. Introduction
- Section II. Data Insight Workspace
- Navigating the Workspace tab
- Analyzing data using the Workspace views
- Viewing access information for files and folders
- Viewing user activity on files or folders
- About visualizing collaboration on a share
- Viewing access information for users and user groups
- Section III. Data Insight reports
- Using Data Insight reports
- About Data Insight security reports
- Permissions reports
- Permissions Search report
- Creating a Permissions Query Template
- Permissions Query Template actions
- Ownership Reports
- About Data Insight storage reports
- About Data Insight custom reports
- Managing reports
- Viewing reports
- Using Data Insight reports
- Section IV. Remediation
- Configuring remediation workflows
- Managing workflow templates
- Creating a workflow using a template
- Managing workflows
- Using the Self-Service Portal
- About the Self-Service Portal
- Managing data
- About managing data using Enterprise Vault and custom scripts
- About adding tags to files, folders, and shares
- Managing permissions
- Configuring remediation workflows
- Appendix A. Command Line Reference
About permissions
Veritas Data Insight enables you to view all users and groups and associated folder permissions. It gives you a hierarchical view of the groups' or a user 's effective access permissions to a file and folder.
Every folder is assigned a permission. It also can derive permissions from its parent folder. Effective permissions determine the type of access allowed to a user on a file or folder. Effective permissions are primarily derived from the combination of the following sources:
The explicit permission assigned to a file or folder and its parent(s).
The permissions a file or folder inherits from its parent(s).
The relationship between specific users and groups who have been given permission.
For example, the folder, /Finance/Payroll
, has the following permissions which are inherited by its children:
User 1 has read privilege.
Group 1 has read and write privilege.
The folder
F1
under thePayroll
folder has permissions as follows:User 2 has read privilege on folder
F1
.User 2 is part of Group 1.
In this case, Data Insight determines the effective permissions for file F1
as follows:
User 1 has read privilege.
Group 1 has read and write privilege.
User 2 has read and write privilege. User 2 inherits these privileges from Group 1.
Information about permissions when used with the access history of users helps to decide whether a user is assigned appropriate permissions. For example, sometimes a group is given full control, read, write, modify, and execute permissions to a folder. However, only certain users from the group access the folder. In such cases, visibility into permissions enables you to review and reassign permissions, as appropriate.
Visualization of access control information also enables you to analyze whether sensitive files are accessible only to authorized users. This in turn helps you monitor the usage of sensitive data and limit access to it, if necessary.
Data Insight lets you view NFS share permissions on folders, users, and groups. NFS permissions are Unix style permissions.
Data Insight does not retain membership information of a deleted user or group. Thus, the permission view of a deleted user or group contains only those data resources where the deleted user or group has explicit permissions (either on the folder or on the share).
Note:
Data Insight does not fetch permissions information for SharePoint Online, Microsoft OneDrive, and Documentum data sources.