Configuring Data Sources: Remove Permissions
If you select the Remove Permissions action for a policy, you need to complete additional configuration when you add data sources that support permissions. In order for DryvIQ to remove permissions, you must specify from whom and which permissions should be removed.
Open the policy that contains the data source you need to configure.
Click the View link in the configuration notification (or navigate to the Data sources page within the policy).
Click Configure next to the data source you need to configure.
The configure actions modal appears. It displays all tracking groups that contain actions that require configuration.
Click Edit for the tracking group action you want to configure.
Additional fields display for the tracking group action.
The Remove permissions from field defaults to Group. Use the list to select User if you want to remove the permissions from a specific user instead.
Based on your selection, the window below displays all the groups or users on the data source. (Use the Search option to search for a specific group or user.)
Select the group or user. For external users, type an email address in the field. You can also use an “allusers@domain” wildcard to match all users whose email address is in the specified domain.
Click Done to finish selecting the group or user.
Use the Add user or group button to add additional groups, users, or email addresses as needed.
Use the Permissions to remove list to select whether you want to remove All Permissions or All Write permissions.
Click Apply changes.
Click Done on the Configure actions modal.
NFS Data Sources
For Network File System (NFS) data sources, a text box is provided in which you type the name of the group or account. The format is generally similar to DOMAIN\USER or DOMAIN\GROUP. The permissions action will fail during the scan if you enter an invalid user or group.
Understanding Permission Inheritance Restrictions
Not all platforms support breaking permission inheritance. If the platform supports it, permission inheritance will be broken. If the platform does not support it, the action will be skipped, and the restriction will be noted.