Assignment Rules

Owned by Andrea Harvey
Last updated: Jun 30, 2022
9 min read

On This Page

Overview

Assignment rules are lists of entity types that should be run against a file. You can add one to many assignment rules to a tracking group, and each assignment rule can consist of one to many entity types.

The list of entity types within a single assignment rule serves as an “and” condition. A file must match all the entity types listed for the file to be added to the tracking group.

Each individual assignment rule serves as an “or” condition. DryvIQ will compare each file to each assignment rule in a tracking group. If the file doesn’t match an assignment rule, DryvIQ will work through the subsequent assignment rules in sequential order. As soon as the file matches one of the assignment rules, DryvIQ adds it to the corresponding tracking group.

 

Understanding Assignment Rule Properties

Assignment rules are built by selecting an entity type, an operator, and a value. Together, these pieces build the equation that determines if the content of a file meets the assignment rules for the tracking group.

 

Entity Type

You will select an entity type from the available entity types in the system. This includes the preinstalled entity types provided by DryvIQ and and custom entity types you added. A search option is available to make finding the entity type easier.

Once you select the entity type, you will select a property to use. The available options are based on the selected entity type. For most entity types, you will have three property options:

  • Entity Type Name: There will be an entry that is just the entity type name (for example “ABA Routing Numbers”). This option allows you to select from a variety of operators that can be used to narrow down the information you want to include or exclude as part of the assignment rule.

  • Entity Type Exists: This option includes the entity name with “Exists” (for example, “ABA Routing Numbers Exists”). You will then select either True (the selected entity type exists in the file) or False (the selected entity type doesn’t exist in the file) as the value.

  • Entity Type Frequency: This option includes the entity name with “Frequency” (for examples, “ABA Routing Numbers Frequency). It allows you to choose from different inequalities (equals, is greater than, is at least, is less than, at most, or is at most) to specify the number of time an entity type needs to be identified in a file before it should be assigned to the tracking group.

 

The Custom Metadata entity type is the exception to the above options. When you choose Custom Metadata, a text field will display where you need to enter the metadata value (property name). The name you specify will display as the selected entity type for the assignment rule.

When scanning using custom metadata, DryvIQ will not detect changes to the metadata on subsequent scans. If you edit the metadata for a file after a scan has run and the file has been classified, DryvIQ won't acknowledge the change or remove the file from the previously assigned tracking group.

Operator

The operator specifies the relationship between the entity type and the value you will add. The available operators change based on the entity type selected. Entity types that use the “exists” property only provide an “equals” operator. You will then select either True (the selected entity type exists in the file) or False (the selected entity type doesn’t exist in the file) as the value.

Other entity types allow you to select from a list of operators that determine how the value you add in the next field relates to how to file is matched against the assignment rule.

Value

In some instances, you will need to enter a value in this field. This will be the exact string that should be used to determine if the file matches the entity type. This could be any combination of words, numbers, and symbols.

If you select to use one of the classifiers to detect an item, you will need to specify the ID for the item. These can be found in the download file available on the documentation page for each classifier. For example, if you want to use the Sensitive Object Detector to find QR barcodes, you would need to specify the ID for this item in the Value field as indicated in the image below.

 

If you selected to use an “exists” entity type, you must select either True or False as the value from the available list.

 

If you select frequency, you will specify the value that corresponds to the operator you select.

If you select to use the File Details entity type and select a date (created on or modified on) with the “older than” modifier, you will have a Value field for the number and a Unit field to select days, weeks, months, or years. These will be rolling values that automatically calculate based on the current date when the scan runs.

Match Threshold

The match threshold provides the ability control the match confidence threshold used for each preinstalled or regular expression entity type added to an assignment rule. This means that the entity type will only be flagged as a match if the confidence level of the match is at or above the specified threshold.

Each preinstalled entity type has its own default match threshold. When you add an entity type to a policy, the slider will be set to the entity type default threshold value. You can adjust the threshold in increments of 5% until you get the threshold you want to use for the assignment rule. The new threshold you set will override the default threshold for the policy.

 

If you edit the threshold and want to return back to the default value, you can select the Default box. This will set the threshold back to the default for the entity type, but the default value will not display on the screen. If you are adding a new entity type to the assignment rule, you can clear the Default box to view the default threshold value.

However, once you apply the changes to the assignment rule, DryvIQ can no longer match the entity type to the default threshold. Clearing this box clears the threshold, and you will need to manually apply the threshold you want to use by using the slider or by selecting the Default box, which will pull the default threshold for the entity type when the scan executes.

 

You cannot edit the threshold for entity types such as Content Category, Custom Metadata, File Details, Tags, and block list entity types because these types don’t use a threshold; instead, they are one-to-one matches based on the criteria you specify. For these entity types, the Match Threshold settings will not display when adding the entity type to a policy. When editing the policy, the threshold fields will display, but editing them will not affect the match threshold.

 

 

Adding Assignment Rules

  1. Select Add criteria.

  2. Select Edit in the Select an entity type field.

  3. The select an entity type modal appears.

  4. Select the entity type you want to use. The list displays the first 100 entity types. If you have more than 100 entity types, use the Load more link to display additional entity types as needed.

  5. Select the property you want to use from the Select a property list.

  6. Select Done.

     

  7. Select the operator you want to use from the Select an operator list. The available operators depend on the entity type property you selected in step 5.

  8. Enter the value you want to use in the last field.

     

  9. Repeat these steps 1-8 for each entity type you want to add to this assignment rule. (Remember, all entity types added to the same assignment rule serve as an “and” condition. A file must match all the entity types listed for the file to be added to the tracking group.)

  10. Click the X next to an entity type line to remove it as needed.

     

  11. To add another assignment rule, select the + under the previous assignment rule, and add the entity types for that rule. (Remember, each separate assignment rule serves as an “or” condition. If a file doesn’t meet the criteria of the previous assignment rules(s), it will be compared against the subsequent assignment rules in the tracking groups in sequential order.)

Duplicating an Assignment Rule

You can duplicate an assignment rule to use as the base of a new assignment rule. This is useful if a subsequent assignment rule needs to be similar to an existing rule. Instead of adding all the criteria again, you can simply edit the fields that need to be changed.

  1. If necessary, select Edit for the tracking group to enable editing.

  2. Click the ellipses (…) for the assignment rule you want to duplicate.

  3. Select Duplicate from the menu that displays.

Ordering Assignment Rules

Assignment rules will be read in the order they display in the tracking group. If you add multiple assignment rules to a tracking group, you can reorder them to ensure they are in the proper order in the event you added them out of sequence.

  1. If necessary, select Edit for the tracking group to enable editing.

  2. Hover in front of the assignment rule. Up and down arrows will appears.

  3. Click the up arrow to move the action up and the down arrow to move the action down.

     

Deleting an Assignment Rule

  1. If necessary, select Edit for the tracking group to enable editing.

  2. Click the ellipses (…) for the assignment rule you want to delete.

  3. Select Delete from the menu that displays.

Understanding Default Assignments

If the last tracking group on a policy contains an empty, unnamed assignment rule, the system will treat this tracking group as the “catch all” group for the policy. Any items not assigned to one of the “full” tracking groups on the policy will be assigned to this tracking group.

 

 

DryvIQ Govern Version: 5.9.2
Release Date: December 17, 2024