Veritas Data Insight User's Guide
- Section I. Introduction
- Section II. Data Insight Workspace
- Navigating the Workspace tab
- Analyzing data using the Workspace views
- Viewing access information for files and folders
- Viewing user activity on files or folders
- About visualizing collaboration on a share
- Viewing access information for users and user groups
- Section III. Data Insight reports
- Using Data Insight reports
- About Data Insight security reports
- Permissions reports
- Permissions Search report
- Creating a Permissions Query Template
- Permissions Query Template actions
- Ownership Reports
- About Data Insight storage reports
- About Data Insight custom reports
- Managing reports
- Viewing reports
- Using Data Insight reports
- Section IV. Remediation
- Configuring remediation workflows
- Managing workflow templates
- Creating a workflow using a template
- Managing workflows
- Using the Self-Service Portal
- About the Self-Service Portal
- Managing data
- About managing data using Enterprise Vault and custom scripts
- About adding tags to files, folders, and shares
- Managing permissions
- Configuring remediation workflows
- Appendix A. Command Line Reference
Using the match-type criteria
If there are multiple rules in a template, the report output displays the results of the configured rules based on the match type criteria that you select.
The expected results that the ACE search report will return depends on the match type that you select. For example, if the template consists of two rules:
Trustee is user (Rule 1)
Trustee is disabled (Rule 2)
Table: ACE Search match-type criteria
Match type Criteria | Expected Result |
---|---|
Match any of the rules | The report output returns such paths that match either Rule 1 or Rule 2. Thus, the report displays records (paths) with ACEs where a trustee of type user has Allow or Deny type of permission or where the trustee state is Disabled. In the report, Unmatched Rules column shows the rule that does not match. |
Match all of the rules | The report output displays all such paths with ACEs that match both the rules. Thus, the report displays such paths where a trustee of type user has or type of permission and where the trustee state is .In the report, Unmatched Rules column must not show any configured rules. |
Do not match any of the rules | The report output returns such paths with ACEs, where none of the ACES match any of the configured rules. In the report, Unmatched Rules column shows both the configured rules. |
Do not match all of the rules | The report output returns such paths that do not match every configured rule, but may match some of the rules. Thus, some paths may match Rule 1 and some paths may match Rule 2. In this case, the report returns all such paths where the Trustee is a user or the paths where a disabled user has Allow or Deny type of permission. The Unmatched Rules column should always show at least one rule. |
In case of an ACL search report, the report returns the complete ACL although the rules evaluate the individual ACEs within the ACL.
For example, the template consists of the following rules:
CIFS Permission is (Full) SharePoint Permission is (Full Control) (Rule 1)
Trustee is Everyone (Rule 2)
Trustee is Unresolved (Rule 3)
ACE count = 3 (Rule 4)
Table: ACL Search Match-type criteria
Match type Criteria | Expected Result |
---|---|
ACLs that match any of the rules | The report output returns such ACLs where at least one ACE within each ACL matches at least one configured rule. The Unmatched Rules column displays the rules that do not match |
ACLs that match all of the rules | The report output returns such ACLs where ACEs across each ACL match all configured rules. Thus, a single ACE within an ACL may fulfill all the rules or all ACES across an ACL may fulfill all the rules. Thus, the report may return ACL 1, ACL 2, and ACL 3 where the ACEs across each ACL match rules 1 to 4. |
ACLs that match exactly all the rules | The report output returns such ACLs where each ACE within the ACL matches either rule 1,2,3, or 4 or all configured rules. All ACEs within an ACL should match at least one rule, and all configured rules should be present within the ACL. Thus, if an ACL has an ACE that does not match any of the configured rules, that ACL will not be displayed in the report. |
ACLs that do not match any of the rules | The report returns such ACLs where for every ACE none of the rules should be matching. All configured rules should ideally show under the Unmatched rules column in the report. |
ACLs that do not match all of the rules | The report output returns such ACLs where the ACEs within the ACL do not match the complete set of configured rules, however the ACEs within the ACL may match some of the rules. Thus, the configured rule set should not match at least one ACE. The Unmatched Rules column should always show at least one rule. |
ACLs that do not match exactly all the rules | The report output returns such paths where at least one ACE within the ACL should not match the configured rule set. Or at least one rule should not be present within the ACL. |