Veritas Data Insight enables you to view all users and groups and associated folder permissions. It gives you a hierarchical view of the groups' or a user 's effective access permissions to a file and folder.
Every folder is assigned a permission. It also can derive permissions from its parent folder. Effective permissions determine the type of access allowed to a user on a file or folder. Effective permissions are primarily derived from the combination of the following sources:
The explicit permission assigned to a file or folder and its parent(s).
The permissions a file or folder inherits from its parent(s).
The relationship between specific users and groups who have been given permission.
For example, the folder, /Finance/Payroll
, has the following permissions which are inherited by its children:
User 1 has read privilege.
Group 1 has read and write privilege.
The folder F1
under the Payroll
folder has permissions as follows:
In this case, Data Insight determines the effective permissions for file F1
as follows:
User 1 has read privilege.
Group 1 has read and write privilege.
User 2 has read and write privilege. User 2 inherits these privileges from Group 1.
Information about permissions when used with the access history of users helps to decide whether a user is assigned appropriate permissions. For example, sometimes a group is given full control, read, write, modify, and execute permissions to a folder. However, only certain users from the group access the folder. In such cases, visibility into permissions enables you to review and reassign permissions, as appropriate.
Visualization of access control information also enables you to analyze whether sensitive files are accessible only to authorized users. This in turn helps you monitor the usage of sensitive data and limit access to it, if necessary.
Data Insight lets you view NFS share permissions on folders, users, and groups. NFS permissions are Unix style permissions.
Data Insight does not retain membership information of a deleted user or group. Thus, the permission view of a deleted user or group contains only those data resources where the deleted user or group has explicit permissions (either on the folder or on the share).