Veritas Data Insight User's Guide
- Section I. Introduction
- Section II. Data Insight Workspace
- Navigating the Workspace tab
- Analyzing data using the Workspace views
- Viewing access information for files and folders
- Viewing user activity on files or folders
- About visualizing collaboration on a share
- Viewing access information for users and user groups
- Section III. Data Insight reports
- Using Data Insight reports
- About Data Insight security reports
- Permissions reports
- Permissions Search report
- Creating a Permissions Query Template
- Permissions Query Template actions
- Ownership Reports
- About Data Insight storage reports
- About Data Insight custom reports
- Managing reports
- Viewing reports
- Using Data Insight reports
- Section IV. Remediation
- Configuring remediation workflows
- Managing workflow templates
- Creating a workflow using a template
- Managing workflows
- Using the Self-Service Portal
- About the Self-Service Portal
- Managing data
- About managing data using Enterprise Vault and custom scripts
- About adding tags to files, folders, and shares
- Managing permissions
- Configuring remediation workflows
- Appendix A. Command Line Reference
About Permissions Query templates
Data Insight lets you create rules that you can use to analyze permissions assignment in your organization. The rules can be applied to your data set to search for the permissions that determine a trustee's (user, group, or unresolved SID) access to an object as also search for violations that help you control access to resources. A permission search rule is a set of conditions with one or more parameters.
The permission search rules are a combination of parameters such as ACE type, the trustee type, the trustee (user or group), the type of rights, and the object that the rule is evaluating. A rule may specify all or any of these parameters. You can either add pre-defined rules to a template or create custom rules that define one or more conditions that form a permission search criteria. You can use different keywords to specify how Data Insight should evaluate the rules in the template.
The Permissions Query Template is a container for multiple frequently-used rules that you can use as input to create a permission search report.
You can apply the template to your data set to do the following:
Review access to trustees on shares and folders.
Ensure that your organization adheres to security policies and permission best practices.
Identify all the compliance violations for permission hygiene.
Remediate access to global groups such as Everyone.
You can create different templates to classify the rules in different categories such as one template for all compliance rules, or one template for rules to evaluate violations of best practices.
You can use the saved templates to create a Permissions Search Report from the
tab of the Management Console. A Permissions Search report lists the paths that match or violate the search criteria that are defined in the rules.The following are examples of the different queries that you can build using the predefined or custom rules:
Show all paths on which User X has access.
Show all files that have explicit ACEs defined on them.
Show all paths with Full permission.
Show all paths/shares where a trustee of type "User" has access.
Show all paths where inheritance is broken.
Note:
A Permissions Query Template is tightly integrated with a Permissions Search report. All templates that you create are available for selection when you create a Permissions Search report. You can also edit, copy, or delete a saved template either from the report configuration page or from the list view page.
See Create Permissions Search report.