Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Impersonation allows a site admin access to all the folders on the platform, including those that belong to other users.  A connection can be created using the username and password of the site admin. This then allows a data source to be created to access a different user’s account without ever having the username or password of that user. This is done by enabling the Run as user option when creating a data source to assign to a policy. When enabled, the Choose a user list displays all the available accounts on the connection available for impersonation. Simply select the account you want to impersonate.

Impersonating Read-Only or Disabled User

When you select to use impersonation when setting up a data source, you can select from any user that displays in the list; however, selecting a read-only or disabled user may cause your scan not to perform as expected.

In this situation, you have several options:

  • Select a different user: Depending on what you need the scan to do, you may need to select a different user. Read-only access is sufficient for scanning and classifying content, but Move actions will fail for read-only users. For some platforms, you can’t create a data source using a disabled user.

  • Update the user within the platform: Someone may be able to log into the platform and update the user.

  • Continue with the selected user: The scan may perform properly with the selected user. You can attempt to continue with the selected user.

Note that different platforms treat read-only and disabled users differently. As noted above, read-only access is sufficient for scanning and classifying content, but if a policy uses a Move action, the action will fail since a read-only user account doesn’t have sufficient access to move content on the platform. Below is an example of scan results for a Box data source set up to impersonate a read-only user. The policy contains a tracking group that uses the Move action when content is classified as part of this tracking group. Note that the scan succeeded and that a tracking group was successfully assigned. However, the action failed since the account doesn't have sufficient access to move content as required by the action set for the tracking group.

  • No labels
DryvIQ Govern Version: 5.9.2
Release Date: December 17, 2024