000031896 - Differences between List Folder Contents and Read & Execute permissions when using StealthAUDIT and Data Access Governance (DAG) in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Sep 3, 2020
Version 1

Article Content

Article Number: 000031896
Applies To: RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.0.x, 7.1.x, 7.2.0
Platform (Other): StealthAUDIT
Issue: StealthAUDIT does not appear to differentiate between List Folder Contents and Read & Execute permissions when collecting data using RSA Identity Governance & Lifecycle Data Access and Governance (DAG). StealthAUDIT marks any List Folder Contents permissions as Read & Execute, yet these two permissions are different. This RSA Knowledge Base Article explains this behavior and details the difference between List Folder Contents and Read & Execute.
Resolution: StealthAUDIT and DAG collect the permissions correctly. The apparent discrepancy comes from the way Microsoft presents this data to the user. Microsoft uses the same ACL that StealthAUDIT collects for both files and folders, but interprets and displays it differently depending on whether the ACL is applied to a file or a folder.
  1. Read & Execute and List Folder Contents (folders only) each assign the Special Permissions outlined below.
  2. List Folder/Read Data is one of those Special Permissions.  

            User-added image

For more information, see the Microsoft article entitled How Permissions Work. That article gives the following explanation of how List Folder Contents (folders only) and Read & Execute differ:

Although List Folder Contents (folders only) and Read & Execute appear to have the same special permissions, these permissions are inherited differently. List Folder Contents (folders only) is inherited by folders but not files, and it should only appear when you view folder permissions. Read & Execute is inherited by both files and folders, and it is always present when you view file or folder permissions.
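
The following added example (not RSA, StealthAUDIT or Microsoft code) shows why a collector that records only the access mask cannot tell the two apart: both ACEs carry the same mask, and only the inheritance flags differ. The SDDL strings and SID are constructed sample data, and the labelling rule in `display_name` is a simplified model, assumed here, of the inheritance behaviour quoted above.

```python
import re

# Access-mask bits behind both labels (values from winnt.h).
FILE_LIST_DIRECTORY = 0x000001   # same bit as FILE_READ_DATA on a file
FILE_READ_EA = 0x000008
FILE_TRAVERSE = 0x000020         # same bit as FILE_EXECUTE on a file
FILE_READ_ATTRIBUTES = 0x000080
READ_CONTROL = 0x020000
SYNCHRONIZE = 0x100000
READ_EXECUTE_MASK = (FILE_LIST_DIRECTORY | FILE_READ_EA | FILE_TRAVERSE |
                     FILE_READ_ATTRIBUTES | READ_CONTROL | SYNCHRONIZE)  # 0x1200A9

# One SDDL ACE: (type;flags;rights;object_guid;inherit_object_guid;trustee)
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

# Constructed sample data: the SID and both SDDL strings are made up.
FOLDER_SDDL = ("D:(A;CI;0x1200a9;;;S-1-5-21-1111111111-2222222222-3333333333-1001)"
               "(A;OICI;0x1200a9;;;BU)(A;OICI;FA;;;BA)")
FILE_SDDL = "D:(A;;0x1200a9;;;BU)"

def parse_aces(sddl):
    """Yield (ace_type, flag_set, mask, trustee) for ACEs with a hex mask."""
    for ace_type, flags, rights, trustee in ACE_RE.findall(sddl):
        if not rights.lower().startswith("0x"):
            continue  # symbolic rights such as FA are out of scope here
        # SDDL ACE flags are two-letter codes: OI, CI, NP, IO, ID, ...
        yield ace_type, set(re.findall("..", flags)), int(rights, 16), trustee

def display_name(flags, mask, on_folder):
    """Simplified labelling rule (assumption); None for any other mask."""
    if mask != READ_EXECUTE_MASK:
        return None
    # CI without OI: inherited by subfolders but never by files.
    if on_folder and "CI" in flags and "OI" not in flags:
        return "List Folder Contents"
    return "Read & Execute"

def report(sddl, on_folder):
    """Return [(trustee, label)] for allow ACEs carrying the shared mask."""
    rows = []
    for ace_type, flags, mask, trustee in parse_aces(sddl):
        label = display_name(flags, mask, on_folder)
        if ace_type == "A" and label:
            rows.append((trustee, label))
    return rows

if __name__ == "__main__":
    print(report(FOLDER_SDDL, on_folder=True))
    print(report(FILE_SDDL, on_folder=False))
```

When reviewing collected entitlements, compare the inheritance flags alongside the mask: a container-inherit-only ACE never reaches files below the folder, while an object-and-container-inherit ACE does.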