Article Content
Article Number | 000033419 |
Applies To | RSA Product Set: RSA Identity Governance and Lifecycle |
Issue | If you are collecting file shares using Data Access Governance (DAG) collectors in G&L, collected file shares might have access to both groups and accounts. Each group might have accounts and users as its members. When you run the default Data Access Review, for a given file share, you might find that sometimes it shows accounts which have access to a file share via a group and sometimes it does not show accounts which have access to a file The file share below shows access to six groups and one account: One of the groups has account as its member: The screen shot below shows Data Access Review and its contents: This screen shot shows the group DLG_FS_NAS_WholeNAS_Modify whose members are not included in review result: |
Resolution | Below is the behavior of groups and accounts in groups in Data Access Reviews. Groups are of two types:
When the option For each member, review the data resource granted from a data resource group is selected on review definition, the following happens:
That is the expected behavior today. |