
Identity Manager Data Governance Edition 9.2 - User Guide


Resource browser

The Resource browser provides a live view of the data on the selected managed host. Using the Resource browser, you can browse through the supported file systems to view and manage security information for folders and shares on the target managed host.

The Resource browser displays the following information:

  • For a Windows computer, the shares and file system display.
  • For a SharePoint farm, each farm is represented as a hierarchy, with the farm as the top level, followed by web applications, site collections, sites and then the contents of the site. The contents of a list are shown as “list item”, regardless of the type of item in SharePoint. The Resource browser displays a list of the web applications on the selected farm.
  • For a Distributed File System Root, links are displayed at the top level. Browsing into a link shows its target paths and browsing into a target path takes you to the appropriate backing folder. While browsing a backing folder, the Distributed File System path is shown in the Location field at the top of the page.
  • For Cloud managed hosts, each site is represented by a folder hierarchy, with the Home top-level site displayed as the Site contents folder, followed by all other subsites. Each site contains a Site contents folder encompassing other nested folders. The contents of a site and document library are shown as "folder" type items, whereas files are shown as "file" type items. No other resource types are managed for Cloud managed hosts.

    NOTE: The Resource browser and resource access reports do not display the limited access users or "previewer" accounts.

You can display the Resource browser from the following views:

  • Managed hosts view
  • Accounts view
  • Governed data view

Double-click through the resources to locate a resource. Depending on the resource type, you can perform the following tasks against the selected resource.

Table 22: Resource browser: Resource tasks

| Task | Description | For more information |
|---|---|---|
| Calculate perceived owners | Calculates and provides a list of the perceived owners for the selected resource using the resource activity history or security information. | Calculating perceived owner |
| Copy resource path | Copies the full path of the selected resource to the clipboard. | |
| Copy Share Path | Copies the path of the selected Share to the clipboard. | |
| Edit host settings | Launches the Managed Host Settings dialog allowing you to view or edit the configuration settings for the selected managed host. | Editing managed host settings |
| Place resource under governance | Places the selected resource under governance, making it available for use in policies and attestations. NOTE: Only applies to folders and shares. That is, you cannot place a file under governance. | Placing a resource under governance |
| Publish to IT Shop | Publishes the selected resources to the IT Shop, making them available for identities and business owners to request and grant access to them. If applicable, also places the resources under governance. NOTE: Only applies to folders and shares. That is, you cannot publish a file to the IT Shop. NOTE: Not available for resources on NFS managed hosts. NOTE: Not available for resources on Cloud managed hosts. | Publishing resources to the IT Shop |
| Refresh | Retrieves and displays the latest details in the Resource browser. | |
| Remove resources from governance | Removes the selected resources from governance. | Removing resources from governance |
| Resource access report | Generates a report that identifies the accounts that have access to specific resources within your environment. | Resource access report; Viewing selected reports within the Manager |
| Resource activity report | Generates a report that provides a list of activities recorded over a period of time to verify proper resource usage and decide whether to remove access for particular accounts. NOTE: Not available for resources on Cloud managed hosts. | Resource activity report; Viewing selected reports within the Manager |
| Toggle layout options | Shows or hides the Layout controls at the top of the view, allowing you to change the layout displayed. | Toggle layout options |
| Unpublish from IT Shop | Removes a previously published resource from the IT Shop. NOTE: Not available for resources on NFS managed hosts. NOTE: Not available for resources on Cloud managed hosts. | Publishing resources to the IT Shop |
| View deviations | Displays a tree view of all resources and all sub-resources below the root that have explicit security applied to them and any deviation warnings or errors encountered for the selected resource. As you select resources in the tree, you can view and manage their security. NOTE: Not available for resources on NFS managed hosts. NOTE: Not available for resources on Cloud managed hosts. | Managing security deviations |
| View governed data details | Displays a graphical representation of the details available for governed resources. | |

When an account in the resource's permissions pane (lower pane) is selected, you can perform the following tasks against the selected account.

Note: These account tasks are not available for resources on NFS managed hosts.

Table 23: Resource browser: Account tasks

| Task | Description | For more information |
|---|---|---|
| Account access report | Generates a report displaying the account's resource access across all managed hosts within the enterprise. Selecting this task displays the Account Access dialog allowing you to define the report parameters for running the Account access report. | Account access report; Viewing selected reports within the Manager |
| Account comparison | Displays the Account Comparison view allowing you to compare the resource access of two accounts. NOTE: This feature is not available for Cloud accounts. | Comparing accounts |
| Account simulation | Displays the Account Simulation view allowing you to simulate changes to group membership to see the access that would be granted or revoked. NOTE: This feature is not available for Cloud accounts. | Simulating the effects of group membership modifications on an account |
| Add rights | Launches the Add Permissions dialog allowing you to manage a user or group's access to the selected resource. From this dialog, you can add or edit an account's access as required. | Modifying discretionary access control list (DACL) permissions for NTFS resources; Modifying auditing system access control list (SACL) permissions for NTFS resources |
| Manage access | Displays the Manage access view that shows the managed hosts where the selected account has access. From here, you can also view detailed group membership information. | Manage access view; Managing account access |
| Remove all explicit permissions | Removes all explicitly assigned permissions from the selected resource. | Managing security deviations |
| Remove selected permissions | Removes the selected permissions from the selected resource. | Modifying discretionary access control list (DACL) permissions for NTFS resources; Modifying auditing system access control list (SACL) permissions for NTFS resources |

In addition, you can access the following views from the Resource browser.

Table 24: Resource browser: Views

| View | Description | For more information |
|---|---|---|
| Governed data | Displays the Governed data view to view all the resources within the selected host that have been placed under governance. | Governed data view; Managing resources under governance |
| Accounts view | Displays the security index information returned by Data Governance agents for the selected managed host. NOTE: Not available for NFS managed hosts. | Accounts view |

Manage access view

The Manage access view appears when Manage access is selected from the tasks view. From this view, you can see the access for the selected account on all managed hosts within your environment and detailed group membership information. This view consists of the following panes:

  • Access Points: The main pane is the results of a database query that retrieves the hosts a trustee has access to.

    Note: By default, the Filter builtin accounts (Administrators and Users) check box is selected indicating that noisy accounts (that is, accounts with indirect access granted through the BUILTIN\Administrators or BUILTIN\Users accounts) are not included in the view. To include these accounts in the Access Points pane, clear the check box at the top of the view.

  • Detailed Access Information: The lower pane is the result of an agent query that retrieves more information about the resource selected in the Access Points pane.
  • Group Memberships: The left pane displays the group membership information resolved from Active Directory from the Data Governance server.

By default, the results in the Access Points pane are grouped by the host name of the managed host. Expand a managed host and select an account in the Access Points pane to display all the resources where the selected user or group has access. Click the Group Memberships tab to view how the account has gained access through group membership. Selecting an account in the Group Memberships pane retrieves and displays the hosts where the selected trustee has access.

Note: This view is not available for NFS managed hosts.

When a resource is selected in the lower pane, you can perform the following tasks.

Table 25: Manage access view: Resource-related tasks

| Task | Description | For more information |
|---|---|---|
| Calculate perceived owners | Calculates and provides a list of the perceived owners for the selected resource using the resource activity history or security information. NOTE: Task is not available for files. | Calculating perceived owner |
| Clone account access | Copies the access rights to grant the selected access to another user or group, while maintaining the existing rights on the selected account. | Cloning, replacing, and removing access for a group of accounts |
| Copy resource path | Copies the full path of the resource to the clipboard. | |
| Copy Share Path | Copies the path of the share to the clipboard. NOTE: Task is not available for files or folders. | |
| Edit security | Displays the Edit Resource Security dialog allowing you to manage the security settings for the selected resource. Right-clicking an account on this dialog allows you to perform the following tasks: Add rights; Remove selected permissions; Remove all explicit permissions. NOTE: This dialog is the same view displayed in the lower pane of the Resource browser and Deviation view when a resource is selected. | Working with security permissions |
| Place resource under governance | Places the selected resource under governance, making it available for use in policies and attestations. NOTE: Task is not available for files. | Placing a resource under governance |
| Publish to IT Shop | Publishes the selected resources to the IT Shop, making them available for identities and business owners to request and grant access to them. NOTE: Task is not available for files. NOTE: Not available for resources on Cloud managed hosts. | Publishing resources to the IT Shop |
| Refresh | Retrieves and displays the latest details in the lower pane of the view. | |
| Remove account | Removes the selected account's access from the resource. For direct access, remove the security setting from the resource ACL. For indirect access, remove the group that is on the ACL; the selected account (the one with the indirect access) remains a member of the group that had the access prior to the removal operation. | Cloning, replacing, and removing access for a group of accounts |
| Remove resource from governance | Removes the selected resource from governance. NOTE: Task is not available for files. | Removing resources from governance |
| Replace account | Replaces access to grant the currently configured access to another user or group and remove the access from the original account. | Cloning, replacing, and removing access for a group of accounts |
| Resource access report | Generates a report that identifies the accounts that have access to specific resources within your environment. | Resource access report; Viewing selected reports within the Manager |
| Resource activity report | Generates a report that provides a list of activities recorded over a period of time to verify proper resource usage and decide whether to remove access for particular accounts. NOTE: Not available for resources on Cloud managed hosts. | Resource activity report; Viewing selected reports within the Manager |
| Toggle layout options | Shows or hides the Layout controls at the top of the view, allowing you to change the layout displayed. | Toggle layout options |
| Unpublish from IT Shop | Removes a previously published resource from the IT Shop. NOTE: Not available for resources on Cloud managed hosts. | Publishing resources to the IT Shop |
| View deviations | Displays a tree view of all resources and all sub-resources below the root that have explicit security applied to them and any deviation warnings or errors encountered for the selected resource. As you select resources in the tree, you can view and manage their security. NOTE: Task is not available for files or shares. NOTE: Not available for resources on Cloud managed hosts. | Managing security deviations |
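
The following added example is not One Identity code. It models, with constructed accounts, groups and ACLs, the direct and indirect access listed in the Access Points pane, the built-in account filter, and which ACL entries the Remove account task described above would delete. The function names (`access_points`, `removal_impact`) and the data layout are assumptions for illustration.

```python
# Added illustration; all accounts, groups and ACLs are constructed sample data.
NOISY = {r"BUILTIN\Administrators", r"BUILTIN\Users"}

# group -> direct members (users or nested groups)
GROUPS = {
    r"BUILTIN\Users": {r"CORP\alice", r"CORP\bob", r"CORP\carol"},
    r"CORP\Finance": {r"CORP\alice", r"CORP\FinanceLeads"},
    r"CORP\FinanceLeads": {r"CORP\bob"},
}

# resource -> trustees that have an entry on the resource ACL
ACLS = {
    r"\\fs01\Finance": {r"CORP\Finance", r"CORP\carol"},
    r"\\fs01\Public": {r"BUILTIN\Users"},
}

def groups_of(account):
    """Every group the account is in, following nested membership."""
    found, stack = set(), [account]
    while stack:
        member = stack.pop()
        for group, members in GROUPS.items():
            if member in members and group not in found:
                found.add(group)
                stack.append(group)
    return found

def users_in(group):
    """Every user account that is a member of the group, directly or nested."""
    users, seen, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        for member in GROUPS.get(current, ()):
            if member in GROUPS:
                stack.append(member)
            else:
                users.add(member)
    return users

def access_points(account, filter_builtin=True):
    """Resource -> [(kind, ACL trustee)] where kind is 'direct' or 'indirect'."""
    memberships = groups_of(account)
    if filter_builtin:
        memberships -= NOISY  # same effect as leaving the filter check box selected
    result = {}
    for path, trustees in ACLS.items():
        hits = [("direct", account)] if account in trustees else []
        hits += [("indirect", g) for g in sorted(memberships & trustees)]
        if hits:
            result[path] = hits
    return result

def removal_impact(account, path):
    """ACL entries Remove account would delete, and who else relied on them."""
    # Assumption of this model: every matching ACL entry is considered.
    entries = access_points(account, filter_builtin=False).get(path, [])
    others = set()
    for kind, trustee in entries:
        if kind == "indirect":
            others |= users_in(trustee) - {account}
    return entries, others
```

In this sample, removing CORP\bob from \\fs01\Finance deletes the CORP\Finance entry, so CORP\alice loses that access too, while bob remains a member of the group.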

In addition, you can open the following views.

Table 26: Manage access view: Views

| View | Description | For more information |
|---|---|---|
| Account overview | Displays a graphical representation of the information returned by a Data Governance agent for the selected account. | Accounts view |
| Hosts view | Displays the managed hosts where the selected account has access. | |
| Account comparison | Displays the Account Comparison view allowing you to compare the resource access of two accounts. NOTE: This feature is not available for Cloud accounts. | Comparing accounts |
| Account simulation | Displays the Account Simulation view allowing you to simulate changes to group membership to see the access that would be granted or revoked. NOTE: This feature is not available for Cloud accounts. | Simulating the effects of group membership modifications on an account |

Accounts view

The Accounts view appears when Accounts view is selected from the tasks list or right-click menu. The Accounts view displays the security information returned by Data Governance agents for the selected managed host. All resource types where users or groups have some level of access are included.

You can display the Accounts view from the following views in the Manager:

  • Managed hosts view
  • Resource browser
  • Governed data view

Note: This view is not available for NFS managed hosts.

The following table describes the default information displayed for each account.

Table 27: Accounts view: Default layout

| Column title | Description |
|---|---|
| Resource Type | The type of resource: File, Folder, Local User Rights, Operating System Administrative Rights, Share, Windows Service Identity. NOTE: By default, the display is grouped by resource type. Click the expansion box to the left of a resource type to expand it and display all of the accounts that have access. |
| Account Name | The name of the account that has access. |
| Account Type | The type of account: Built-in Group, Group, Special, Unknown, Machine Local User, Office 365 User, OneDrive for Business Group, SharePoint Online Group, User, Well known. |
| Namespace | The logical group (namespace) to which the account belongs: Cloud, NTFS, Windows Computer, Service Identities. |

In addition to the default columns, you can add the following columns to the view using the Column Chooser command.

NOTE: Right-click the column header and select Column Chooser to add hidden columns to the display. In the Customization dialog, double-click the required column or drag and drop it onto the column header bar.

To hide a column, right-click the column header and select Remove This Column. The column is now listed in the Customization dialog and can be re-added to the view as explained above.

Table 28: Accounts view: Hidden columns

| Column title | Description |
|---|---|
| Security Identifier (SID) | The security identifier (SID) assigned to the account. |

Accounts view tasks

When an account is selected in the Accounts view, you can perform the following tasks against the selected account.

Table 29: Accounts view: Tasks

| Task | Description | For more information |
|---|---|---|
| Account access report | Generates a report displaying the account's resource access across all managed hosts within the enterprise. Selecting this task displays the Account Access dialog allowing you to define the report parameters for running the Account access report. | Account access report; Viewing selected reports within the Manager |
| Account activity report | Generates a report displaying all the activity for the selected account against specific managed hosts. Selecting this task displays the Account Activity dialog allowing you to define the report parameters for generating the Account activity report. NOTE: This report is not available for groups. NOTE: This report is not available for Cloud/Office 365 accounts. | Account activity report; Viewing selected reports within the Manager |
| Account comparison | Displays the Account Comparison view allowing you to compare the resource access of two accounts. NOTE: The selected account is pre-populated in the Source field. NOTE: This feature is not available for Cloud/Office 365 accounts. | Comparing accounts |
| Account simulation | Displays the Account Simulation view allowing you to simulate changes to group membership to see the access that would be granted or revoked. NOTE: This feature is not available for Cloud/Office 365 accounts. | Simulating the effects of group membership modifications on an account |
| Manage access | Displays the Manage access view that displays the managed hosts where the selected account has access. From here, you can also view detailed group membership information. | Manage access view; Managing account access |
| Toggle layout options | Shows or hides the Layout controls at the top of the view, allowing you to change the layout displayed. | Toggle layout options |

In addition, you can open the following views.

Table 30: Accounts view: Views

| View | Description | For more information |
|---|---|---|
| Resource browser | Launches the Resource browser which contains a live view of the data on the selected managed host. You can browse through the supported file systems and see all applied permissions and make changes where required. You can also see where the access on a resource differs from its parent and manage that access. | Resource browser; Browsing your environment |
| Governed data | Displays the Governed data view to view all the resources within the selected host that have been placed under governance. | Governed data view; Managing resources under governance |
