RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.0.x, 7.1.x, 7.2.0
Platform (Other): StealthAUDIT
StealthAUDIT does not appear to differentiate between List Folder Contents and Read & Execute permissions when collecting data using RSA Identity Governance & Lifecycle Data Access and Governance (DAG). StealthAUDIT marks any List Folder Contents permissions as Read & Execute yet these two permissions are different. This RSA Knowledge Base Article article provides an explanation of this behavior and details on the difference between List Folder Contents and Read & Execute
StealthAUDIT and DAG collect the permissions correctly. The apparent discrepancy is due to the different way Microsoft presents this data to the user. The problem is that Microsoft uses the same ACL that is collected by StealthAUDIT against files and folders, but interprets them and displays them differently depending on if the ACL is applied to a file or a folder.
- Read & Execute and List Folder Contents (folders only) assigns Special Permissions as outlined below.
- List Folder/Read Data is one of those Special Permissions.
For more information, see the Microsoft article entitled How Permissions Work. In that article is the following explanation on how List Folder Contents (folders only) and Read & Execute differ:
Although List Folder Contents (folders only) and Read & Execute appear to have the same special permissions, these permissions are inherited differently. List Folder Contents (folders only) is inherited by folders but not files, and it should only appear when you view folder permissions. Read & Execute is inherited by both files and folders, and it is always present when you view file or folder permissions.