Configuring Data Sources: Modify Permissions
If you select the Modify Permissions action for a policy, you need to complete additional configuration when you add data sources that support permissions. In order for DryvIQ to modify permissions, you must specify to whom permission should be granted and the permission level that should be assigned (Read, Read and Write, or Full Control).
Open the policy that contains the data source you need to configure.
Click the View link in the configuration notification (or navigate to the Data sources page within the policy).
Click Configure next to the data source you need to configure.
The configure actions modal appears. It displays all tracking groups that contain actions that require configuration.
Click Edit for the tracking group action you want to configure.
Configuration fields display for the tracking group action. Click Add user or group.
A new Add or update permissions from field displays and defaults to Group. Use the list to select User if you want to modify the permissions for a specific user instead.
Based on your selection, the window below will display all the groups or users on the data source. Select the group or user. (Use the Search option to search for a specific group or user.)
For external users, type an email address in the field. You also have the option of using an “allusers@domain” wildcard to find all users with an email address with the specified domain.
Click Done to finish selecting the group or user.
Use the Add user or group button to add additional groups, users, or email addresses as needed.
Use the Set Permission level list to select the permission level you want to assign: Read, Read and Write, or Full Control.
If you want DryvIQ to remove all existing permissions from all users and groups before applying the selected permission level to the specified group(s) and/or user(s), select the Remove all existing user or group permissions before setting permission level box. If this box is left blank, DryvIQ will add the selected permissions to the specified group(s) and/or user(s) but will not modify any existing permissions for any other groups or users.
Click Apply changes.
Click Done on the Configure actions modal.
NFS Data Sources
For Network File System (NFS) data sources, you will have a text box where you will need to type the name of the group or account. The format will generally be similar to DOMAIN\USER or DOMAIN\GROUP. The permissions action will fail during the scan if you enter an invalid user or group.
Understanding Permission Inheritance Restrictions
Not all platforms support breaking permission inheritance. Permission inheritance will be broken if the platform supports breaking inheritance. If breaking inheritance is not supported by the platform, the action will be skipped, and the restriction will be noted.