Veritas Data Insight User's Guide
- Section I. Introduction
- Section II. Data Insight Workspace
- Navigating the Workspace tab
- Analyzing data using the Workspace views
- Viewing access information for files and folders
- About viewing file or folder summary
- Viewing the overview of a data source
- Managing data custodian for paths
- Viewing user activity on files or folders
- Viewing file and folder activity
- Viewing CIFS permissions on folders
- Viewing NFS permissions on folders
- Viewing SharePoint permissions for folders
- Viewing OneDrive permissions for folders
- Viewing Box permissions on folders
- Viewing audit logs for files and folders
- About visualizing collaboration on a share
- Viewing access information for users and user groups
- Viewing the overview of a user
- Viewing the overview of a group
- Managing custodian assignments for users
- Viewing folder activity by users
- Viewing CIFS permissions for users
- Viewing CIFS permissions for user groups
- Viewing NFS permissions for users and user groups
- Viewing SharePoint permissions for users and user groups
- Viewing Box permissions for users and user groups
- Viewing audit logs for users
- Section III. Data Insight reports
- Using Data Insight reports
- About Data Insight reports
- How Data Insight reporting works
- Creating a report
- About Data Insight security reports
- Activity Details report
- Permissions reports
- Inactive Users
- Path Permissions
- Permissions Search report
- About Permissions Query templates
- Creating a Permissions Query Template
- Creating custom rules
- Permissions Query Template actions
- Using Permissions Search report output to remediate permissions
- Entitlement Review
- User/Group Permissions
- Group Change Impact Analysis
- Ownership Reports
- Create/Edit security report options
- About Data Insight storage reports
- Create/Edit storage report options
- About Data Insight custom reports
- Considerations for importing paths using a CSV file
- Managing reports
- About managing Data Insight reports
- Viewing reports
- Filtering a report
- Editing a report
- About sharing reports
- Copying a report
- Running a report
- Viewing the progress of a report
- Customizing a report output
- Configuring a report to generate a truncated output
- Sending a report by email
- Automatically archiving reports
- Canceling a report run
- Deleting a report
- Considerations for viewing reports
- Organizing reports using labels
- Using Data Insight reports
- Section IV. Remediation
- Configuring remediation workflows
- About remediation workflows
- Prerequisites for configuring remediation workflows
- Configuring Self-Service Portal settings
- About workflow templates
- Managing workflow templates
- Creating a workflow using a template
- Managing workflows
- Auditing workflow paths
- Monitoring the progress of a workflow
- Remediating workflow paths
- Using the Self-Service Portal
- About the Self-Service Portal
- Logging in to the Self-Service Portal
- Using the Self-Service Portal to review user entitlements
- Using the Self-Service Portal to manage Data Loss Prevention (DLP) incidents
- Using the Self-Service Portal to confirm ownership of resources
- Using the Self-Service Portal to classify sensitive data
- Managing data
- About managing data using Enterprise Vault and custom scripts
- Managing data from the Shares list view
- Managing inactive data from the Folder Activity tab
- Managing inactive data by using a report
- Archiving workflow paths using Enterprise Vault
- Using custom scripts to manage data
- Pushing classification tags while archiving files into Enterprise Vault
- About adding tags to devices, files, folders, and shares
- Managing permissions
- Configuring remediation workflows
- Appendix A. Command Line Reference
- Index
Name
mxcustodian — A script that is used to automatically assign custodians on various paths and to generate a comma separated values (csv) file with information about data custodian assignments. The .csv files, mxcustodian_assign.csv and mxcustodian_error.csv are saved in the current directory.
SYNOPSIS
mxcustodian.exe - - paths <pathsfile> - - ownermethod <comma-separated-list> |default
mxcustodian.exe - - paths <pathsfile> - - groupscript <script> - - attr <attrname>
mxcustodian.exe - - csv <csv-filepath> - - verify [ - - custodian <user@domain>|<SID>]
mxcustodian.exe - - csv <csv-filepath> - - assign [ - f] [ - - overwrite]
mxcustodian.exe - - csv <csv-filepath> custodian <user@domain>|<SID> - - assign [ - f] [ - - overwrite]
OPTIONS
- - - csv<name of input file>
A file with comma-separated values - path, custodian. The values are provided in the format, one path per line. The given custodians are assigned to their corresponding path.
- - - assign
Assigns custodians given in the input csv file.
- - - custodian <name of custodian>
A user@domain or SID value to be assigned as custodian to all input paths. Input paths must be specified using - - csv option where the file provided contains one path per line.
- - - paths <input file>
Input file with paths, one path per line. Depending on the method used, the computed custodians for the paths will be printed to the output file,
assignments.txt.
- - - overwrite
Overwrites existing custodian assignments with the assignments provided in the input csv file (using - - csv option). By default, Data Insight appends the custodian assignments in the input file to the existing assignments.
- - g - - groupscript
Invokes the script for each path <name of path> in the input file given by the --csv option. The script is passed one path per invocation and prints to its standard output a group, <name of group>, corresponding to that path. If the script exits with 0, denoting success, the output group is used. If the script exits with a non-zero value, the path is discarded. The next input path is picked up if --force option is used; else this script aborts further execution
Note:
When using the "--groupscript" option, you must keep the actual script in the folder
data/scripts/mxcustodian/. When specifying the parameter for the --groupscript option on the command line, you must specify the fully-qualified path to the script.Once a group for a path is obtained, the script does the following in the given order:
Queries the directory service to get the value for the attribute for the group. The attribute can be specified using the --attr option.
Generates a file containing the path and attribute entries, one entry per line.
- - f - - force
Ignores paths that do not have a corresponding custodian specified in the input csv file, and assigns custodians for other valid paths. This option also prints all error paths in the log file.
- - a - - attr <name of attribute>
Attribute whose value specifies the custodian for a given path. Use this option with the - - groupscript option.
- - - ownermethod default|<one or more comma-separated list of methods>
The supported methods of computing an owner in their default order (if a default order is specified) are rw_count, read_count, write_count, creator, last_accessor, last_modifier OR 'parent_owner,<M>' where M is the default or any number of comma-separated methods.
- - ownermethods are calculated based on the last 3 months data/time range.
- - - verify
Verifies and validates input paths and custodians provided using - - csv option. This command does not make any custodian assignments.
- - - outfile<name of the file>
Name of the file where the results of successful custodian computation, verification, or assignments is stored. If the file name is not specified, the results go to the standard output of the command.
- - - errfile name of the file
Name of the file where the errors in custodian computation, verification, or assignments is stored. If the file name is not specified, the results go to the standard error output of the command.
- - f - - ignore_errors
Ignores paths that do not have a custodian in the input csv file and assigns the custodians for other valid paths. Prints all such error paths in the log file.
- - D - - debug
Prints additional debug statements in the log file.
- - h - - help
Prints the usage information for this command.