In Windows Active Directory, a resource can exist without associated access information, through either a null security descriptor (SD) or a null discretionary access control list (DACL). Such a resource is accessible by all groups and users.
Data Governance Edition lets you put a security measure in place to eliminate this possibility: you add a user or group so that all resources have access information.
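The check below is an added example, not code from Data Governance Edition or its documentation: it classifies a raw self-relative security descriptor (the layout Microsoft documents in MS-DTYP) as null DACL, empty DACL, or populated DACL. The function names and sample bytes are constructed for illustration, and treating an empty byte string as a null SD is an assumption of this example.

```python
import struct

SE_DACL_PRESENT = 0x0004   # Control bit: the descriptor has a DACL field
SE_SELF_RELATIVE = 0x8000  # Control bit: fields are offsets, not pointers

def classify_dacl(sd: bytes) -> str:
    """Classify the DACL of a self-relative SECURITY_DESCRIPTOR."""
    if not sd:
        return "null-sd"        # assumption: empty input models a missing SD
    if len(sd) < 20:
        raise ValueError("truncated security descriptor header")
    # Revision, Sbz1, Control, OffsetOwner, OffsetGroup, OffsetSacl, OffsetDacl
    rev, _, control, _, _, _, off_dacl = struct.unpack_from("<BBHIIII", sd, 0)
    if rev != 1 or not control & SE_SELF_RELATIVE:
        raise ValueError("not a revision-1 self-relative descriptor")
    if not control & SE_DACL_PRESENT or off_dacl == 0:
        return "null-dacl"      # Windows allows full access to everyone
    if off_dacl + 8 > len(sd):
        raise ValueError("DACL offset points outside the descriptor")
    # ACL header: AclRevision, Sbz1, AclSize, AceCount, Sbz2
    _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", sd, off_dacl)
    if acl_size < 8 or off_dacl + acl_size > len(sd):
        raise ValueError("ACL size is inconsistent with the descriptor")
    if ace_count == 0:
        return "empty-dacl"     # opposite case: no access is granted to anyone
    return "dacl-with-aces"

def make_sd(control: int, dacl: bytes = b"") -> bytes:
    """Build a constructed test descriptor with no owner, group or SACL."""
    off = 20 if dacl else 0
    header = struct.pack("<BBHIIII", 1, 0, control | SE_SELF_RELATIVE, 0, 0, 0, off)
    return header + dacl

# Constructed allow ACE: type 0, size 20, mask FILE_GENERIC_READ, SID S-1-1-0.
ACE = (struct.pack("<BBHI", 0, 0, 20, 0x00120089)
       + bytes([1, 1, 0, 0, 0, 0, 0, 1]) + struct.pack("<I", 0))

# Constructed sample descriptors, not captured from a real system.
SAMPLES = {
    "flag clear": make_sd(0),
    "flag set, offset 0": make_sd(SE_DACL_PRESENT),
    "zero ACEs": make_sd(SE_DACL_PRESENT, struct.pack("<BBHHH", 2, 0, 8, 0, 0)),
    "one allow ACE": make_sd(SE_DACL_PRESENT,
                             struct.pack("<BBHHH", 2, 0, 28, 1, 0) + ACE),
}

if __name__ == "__main__":
    for name, sd in SAMPLES.items():
        print(f"{name:20} -> {classify_dacl(sd)}")
```

Only the `null-sd` and `null-dacl` results correspond to the open-to-everyone condition this section describes; an empty DACL is the reverse situation and should not be reported as the same finding.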
To add an account to a null SD or null DACL
In the Accounts result list, double-click the Null Security Descriptor Alias or the Null Discretionary Access Control List Alias account.
Note: If you do not see a Null Security Descriptor Alias or Null Discretionary Access Control List Alias in the view, then you have no orphan SDs or DACLs.
In the Tasks view, select Manage access.
A list of managed hosts and the resources without assigned access is displayed.
Access to data affects how employees can ultimately perform their day-to-day tasks. Through the Manager, administrators can manage and set permissions for network objects. For more information, see Viewing the security on objects.
Note: Access can also be granted through the web portal’s IT Shop. Employee access requests follow a defined approval process where authorized persons, the business owner and group owner, can approve or deny requests. For more information, see Publishing resources to the IT Shop.
Before you can edit permissions, you must be granted the Data Governance\Access Managers application role.
Viewing the security on objects
Modifying discretionary access control list (DACL) permissions for NTFS resources
Modifying auditing system access control list (SACL) permissions for NTFS resources
Assigning an owner to a resource
Working with SharePoint security permissions
You can see and manage the security for a selected resource or a selected account. Once you have located an object, you can see:
For SharePoint, you can see the permissions associated with a particular permission level, and a summary of all the permissions granted by the combination of assigned permission levels.
For SharePoint, you can switch between inherited and unique, and then configure the unique permissions.
For details on managing security on objects, see:
As the administrator, ensure that users and groups have the access they require to perform their day-to-day tasks. Using Data Governance Edition, you can determine the existing data access, add users and groups to the resource ACL, edit any existing access, and remove access as required.
Note: You can only modify access that has been explicitly granted, but you can change inheritance from the Control tab when you select Edit Security for a resource.
Note: If you see a message in the list of issues that the forest or domain could not be contacted, this could be because the trusted domain has not been synchronized with One Identity Manager.
To add, edit or remove access DACL permissions
Open the Resource browser using one of the following methods:
You can use the Location field, at the top of the tab, to view your current location. If you have navigated too far, you can move back by clicking the Up One Level button.
Back on the Folder Permissions or File Permissions tab, unsaved changes appear bold.
You can now browse through the network to ensure that the proper access has been granted or removed.
To configure DACL inheritance settings
Select whether you want the settings to be inherited. The Inheritance from Parent options available include:
Allow inheritable permissions from the parent to propagate to this object and all child objects.
Note: Clearing either of these check boxes causes inheritance to be blocked. Select the appropriate option on the Block Access Inheritance dialog before clicking OK to confirm this change: