On This Page
| Table of Contents | ||||
|---|---|---|---|---|
|
Overview
The actions for a tracking group tell DryvIQ what to do with the files in each tracking group. Multiple actions can be applied to the tracking group to force the remediation through an approval workflow, or you can select to take a definitive action against the file as soon as it is assigned to the tracking group.
Understanding Actions
There are seven actions available. Learn more about each below.
Apply Metadata
This action allows you to specify the metadata that should be applied to the file when it is added to the tracking group. This option requires you to configure the data sources assigned to the policy to set the metadata field and value. Refer to Configuring Data Sources: Apply Metadata for more information about how to configure the data sources for the metadata. The Allow configuration to be skipped on individual data sources option allows you to skip adding metadata configuration to data sources that don’t support metadata.
Approval
Select this action when you want to require manual approval. You will choose this option if you want to manually take action against the files in the tracking group. The files are flagged, and you will be responsible for properly remediating the files.
Delay
This option delays any additional actions on the tracking group for the specified time. When selected, you will specify the delay value and interval (seconds, minutes, hours, or days). This option will be used in combination with the move or delete action. For example, you could set the action to delay deleting or moving files in a tracking group for five days to allow for review before the move or delete occurs.
Delete
DryvIQ will delete files that belong to the tracking group.
DryvIQ will send an email to the specified email address with the specified subject line. The email message will include a csv file that includes a list of the items that have been assigned to the tracking group. In order to use this option, you must configure an email server for notifications in the Settings. Email notifications are sent out by the system jobs, which run every two hours.
MIP Label
This option only displays if the MIP extension is installed for your DryvIQ application. It allows you to select the MIP label you want to assign to the tracking group. The list that appears displays all the available MIP labels for your account. DryvIQ will create another version of the file and add the label to the “Sensitivity” label.
The MIP label will only be applied to the following file types.
doc
docm
docx
dot
dotm
dotx
pdf
potm
potx
pps
ppsm
ppsx
ppt
pptm
pptx
vsdm
vsdx
vssm
vssx
vstm
vstx
xla
xlam
xls
xlsb
xlsm
xlsx
xlt
xltm
xltx
xps
| Info |
|---|
If you add new labels to your MIP label library, you must restart the DryvIQ Service Manager in order to pull the new labels. |
Modify Permissions
DryvIQ will modify the permissions for specified groups and/or accounts. This action requires you to configure the assigned data sources to specify to whom permission should be granted and the permission level that should be assigned (Read, Read and Write, or Full Control). See Configuring Data Sources: Modify Permissions for more information about how to configure this action for the data sources. The Allow configuration to be skipped on individual data sources option allows you to skip adding permission configuration to data sources that don’t support permissions.
When configuring the data source to modify permissions, you can set a single permission level for multiple groups and/or accounts at the same time. However, you will need to add the Modify Permissions action to the policy multiple times if different permission levels need to be set. For example, if you need to set all three permission levels (Read, Read and Write, and Full Control), you will need to add the action to the policy three times. You will then configure one action for each permission level.
| Note |
|---|
If you need to scan and apply permissions actions to content that is part of a Microsoft Teams Site, you must use the Microsoft Teams connector in order to properly access your Teams Site's groups. |
| Info |
|---|
Permission actions for Microsoft Office/Teams Sites only apply to permissions at the Direct Access level. Permissions at the Site permission (sub-group level) are not affected by permission actions. If you select to remove or modify permissions at the Site permission (sub-group level), you will see a log entry indicating, “No matching permissions were found.” This is because DryvIQ cannot detect the permissions at this level. |
Move
DryvIQ will move the files to a specified location. When you select this action, you need to specify the connection and directory where DryvIQ needs to move the files. The Connection list displays 100 connections. If you have more than 100 connections, use the Load more link to display additional connections as needed.
| Note |
|---|
Files cannot be moved into the same data source being scanned, so ensure you are selecting a different data source when selecting the move location. |
Remediate
DryvIQ will mark the files as remediated. This action indicates there is no other action required. This option will most often be used for files with a low risk level or files with no risk.
Remove Permissions
DryvIQ will remove the specified permissions from a group or account. This action required you to configure the assigned data sources to select from whom and which permissions should be removed. See Configuring Data Sources: Remove Permissions for more information about how to configure this action for the data sources. The Allow configuration to be skipped on individual data sources option allows you to skip adding permission configuration to data sources that don’t support permissions.
| Note |
|---|
If you need to scan and apply permission actions to content that is part of a Microsoft Teams Site, you must use the Microsoft Teams connector in order to properly access your Teams Site's groups. |
| Info |
|---|
Permission actions for Microsoft Office/Teams Sites only apply to permissions at the Direct Access level. Permissions at the Site permission (sub-group level) are not affected by permission actions. If you select to remove or modify permissions at the Site permission (sub-group level), you will see a log entry indicating, “No matching permissions were found.” This is because DryvIQ cannot detect the permissions at this level. |
Remove Shared Links
DryvIQ will remove shared links that allow access to the item. You will select if you want to remove all links, internal links, or external links. Not all platforms support shared links, and DryvIQ does not support removing shared links from all platforms. Refer to the table below for the supported platforms and the specific permissions that will be removed based on whether the internal and/or external permissions are selected to be removed.
Platform | Internal Shared Link Types | External Shared Link Types | Not Supported |
|---|---|---|---|
Box | People in your company | People with the link | |
Microsoft Office 365/OneDrive | People in Company with the link | Anyone with the link | |
Dropbox | Anyone with link (edit) | Anyone with link (view) | |
Google Shared Drives | Company | Anyone with the link | Restricted |
| Info |
|---|
DryvIQ does not support removing shared links for Google drive. |
Adding Actions
Select the down arrow to expand the Actions section.
Select the action you want to apply.
For Delay and Move, add the required delay time or location and select Done.
To add another action, select the + under the action you just added and repeat steps 2-3 for each action you want to apply to the tracking group.
When you are done adding actions, select Apply changes to save the tracking group.
Editing Actions
Editing is only available for Delay and Move since these options have additional fields that provide information for the action. To change other actions, you must delete the action and add the desired action.
If necessary, select Edit for the tracking group to enable editing.
Select the down arrow to expand the Actions section.
Select the ellipses (…) at the end of the action line.
Select Edit from the men that displays.
Deleting Actions
If necessary, select Edit for the tracking group to enable editing.
Select the down arrow to expand the Actions section.
Select the ellipses (…) at the end of the action line.
Select Delete from the men that displays.
Ordering Actions
Actions will be executed in the order they display in the tracking group. If you add multiple actions to a tracking group, you can reorder the actions to ensure they are in the proper order in the event you added them out of sequence.
If necessary, select Edit for the tracking group to enable editing.
Select the down arrow to expand the Actions section.
Hover in front of the action line. Up and down arrows will appears.
Click the up arrow to move the action up and the down arrow to move the action down.
Understanding Deferred Actions
When reviewing the scan result details for a file, you may notice the Assignment status is “Processing” and the activity is labeled “Action deferred.” Deferred actions are actions that are awaiting a process to take place before the action can be completed. You will see this for the Email action while the system is awaiting the notification to be sent, for the Delay action while the system waits for the specified time to pass, and for the Approval action while the system waits for user approval. If there are subsequent actions in the tracking group after the deferred action, they will not be executed until the action is complete and the Data source is scanned again.
The Assignment status will remain as “Processing” until a subsequent scan identifies the action has been completed and that there are no other actions pending. At that time, the Assignment status will be “Complete.”
