Date:2013-03-19 OS: Windows Etrack Incidents: 3093587, 3093594, 3124161, 3124169, 3124170, 3124172 Errors/Problems Fixed: 3093587: Column Header to change for User/Group & Path permissions report. 3093594: Don't show ACES in console & reports if effective access mask for the ACE is zero 3124161: Everyone is not part of authenticated users group. 3124169: Properly handle file system ACL for owner. 3124170: Fix basic permission mask for effective permissions. 3124172: Fully exclude share-level permission when requested. Overall, this patch enhances SDI as follows: 1. Share-level permissions are displayed in the same order as they are displayed by native tools like cifs shares for NetApp filers. 2. File system access control list is displayed in the same order as advanced permissions view in Windows Security tab. 3. Multiple fixes have been made to effective permission computation and display: a. When excluding share-level permissions, associated trustees are also excluded. b. ACEs that effectively don’t grant any rights are not displayed. c. Everyone group does not inherit rights from Authenticated Users. d. Share-level permissions (when included) are taken into account when granting, "Take Ownership and Change permission rights" to owners of paths. 4. Column names in permission reports are changed PATH INHERITANCE => Inherited From Path. GROUP MEMBERSHIP => Inherited From Group. "Inherited From Path" column represents directories within a path from where rights are being inherited/granted. "Inherited From Group" column represents a subset of groups to which the trustee belongs, which are granting rights. Applies to: Management Server and Indexer nodes Install/Uninstall Instructions: Apply this hotfix to Data Insight Management Server and Indexer Nodes. This hotfix can be applied to Data Insight version 3.0.1(30RU1) RP4 only. FILE AFFECTED BY THIS PATCH: INSTALL_ROOT\DataInsight\tomcat\webapps\ROOT\WEB-INF\classes\com\symc\matrix\ui\server\FolderPermissionsServiceImpl*.class INSTALL_ROOT\DataInsight\reports\Types\path_permissions\engine\report.rptdesign INSTALL_ROOT\DataInsight\reports\Types\user_permissions\engine\report.rptdesign INSTALL_ROOT\DataInsight\bin\mindexer.dll INSTALL_ROOT\DataInsight\bin\perm.dll INSTALL_ROOT\DataInsight\bin\queryd.exe INSTALL_ROOT\DataInsight\bin\report.exe INSTALL_ROOT\DataInsight\pdb\mindexer.pdb INSTALL_ROOT\DataInsight\pdb\perm.pdb INSTALL_ROOT\DataInsight\pdb\queryd.pdb INSTALL_ROOT\DataInsight\pdb\report.pdb By default, value of INSTALL_ROOT on Windows is "C:\Program Files\Symantec". NOTE: Please keep a backup of the files you are about to patch. This will be required in case you want to rollback the patch. Steps: Log into Data Insight server machine with Administrative privileges and perform the following steps: 1. Stop Data Insight services: From the command prompt, issue the following command: net stop DataInsightWatchdog net stop DataInsightWeb net stop DataInsightHttpd net stop DataInsightComm net stop DataInsightConfig 2. Take a backup of entire bin\, pdb\, tomcat\webapps\ROOT\ and reports\ folders under the install location. Note that these backups should be stored some location other than under INSTALL_DIR. 3. Unzip the patch files to a temporary folder. In this folder, locate the "patches" folder. This folder contains binaries for 32bit as well as 64bit Windows operating Systems. Files provided in the patch are in the same directory hierarchy as those present on your system at: "INSTALL_ROOT\DataInsight". Example: If you unzip hotfix to C:\temp, it will create the following folders under C:\temp: C:\TEMP +---README +---patches +---windows +---32bit +-------tomcat +-------reports +-------bin +-------pdb +---64bit +-------tomcat +-------reports +-------bin +-------pdb 4. For Management Server, Copy the patch files to the install directory. For example, if you are patching a 64 bit Windows server installed at "C:\Program Files\Symantec\DataInsight", copy entire contents under "C:\temp\patches\64bit" to "C:\Program Files\Symantec\DataInsight", replacing the original files with those from the patch. For Indexer (other than Management Server), Copy the applicable patch files to the install directory. For example, if you are patching a 64 bit Windows server installed at "C:\Program Files\Symantec\DataInsight", copy ONLY bin and pdb folders under "C:\temp\patches\64bit" to "C:\Program Files\Symantec\DataInsight", replacing the original files with those from the patch. 5. Start Data Insight services: From the command prompt, issue the following command: net start DataInsightConfig net start DataInsightComm net start DataInsightHttpd net start DataInsightWeb net start DataInsightWatchdog Additional Notes: Apply this hotfix to Data Insight 3.0.1(30RU1) RP4 only. This patch does not address following. Advance rights in Effective permissions tab does not consider include share level permission checkbox.