Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000033419 - Data Access Review for the file share does not show the accounts which have access to file share via the group in RSA Identity Governance and Lifecycle

Document created by RSA Customer Support

on Sep 21, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000033419
Applies To	RSA Product Set: RSA Identity Governance and Lifecycle
Issue	If you are collecting file shares using Data Access Governance (DAG) collectors in G&L, collected file shares might have access to both groups and accounts. Each group might have accounts and users as its members. When you run the default Data Access Review, for a given file share, you might find that sometimes it shows accounts which have access to a file share via a group and sometimes it does not show accounts which have access to a file The file share below shows access to six groups and one account: One of the groups has account as its member: The screen shot below shows Data Access Review and its contents: This screen shot shows the group DLG_FS_NAS_WholeNAS_Modify whose members are not included in review result:
Resolution	Below is the behavior of groups and accounts in groups in Data Access Reviews. Groups are of two types: Managed. Groups that have access to just one data resource. Such groups have the column MANAGEDRES_TYPE set to a value of D in internal table T_GROUPS. Non Managed. Groups that have no access to none or more than one data resource. When the option For each member, review the data resource granted from a data resource group is selected on review definition, the following happens: If a group is managed, the relation of group to data resource will not be reviewed. Instead, the access of accounts in the group to the data resource will be reviewed. If a group is non managed, the relation of group to data resources will be reviewed. The access derived by accounts in that group to the group’s data resources will not be reviewed. So, from number 2 above, it can be said that for a given group, either a group is reviewed (non managed) or accounts in the group (managed) are reviewed but not both at a time. That is the expected behavior today.

Attachments

Outcomes

0 Comments

Recommended Content