This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.

Differences between List Folder Contents and Read & Execute permissions when using StealthAUDIT and Data Access Governance (DAG) in RSA Identity Governance & Lifecycle

Article Number

000031896

Applies To

RSA Product Set:  RSA Identity Governance & Lifecycle 
RSA Version/Condition:  6.9.1, 7.0.x, 7.1.x, 7.2.0
Platform (Other): StealthAUDIT
 

Issue

StealthAUDIT does not appear to differentiate between List Folder Contents and Read & Execute permissions when collecting data using RSA Identity Governance & Lifecycle Data Access and Governance (DAG). StealthAUDIT marks any List Folder Contents permissions as Read & Execute yet these two permissions are different. This RSA Knowledge Base Article article provides an explanation of this behavior and details on the difference between List Folder Contents and Read & Execute 
 

Resolution

StealthAUDIT and DAG collect the permissions correctly. The apparent discrepancy is due to the different way Microsoft presents this data to the user. The problem is that Microsoft uses the same ACL that is collected by StealthAUDIT against files and folders, but interprets them and displays them differently depending on if the ACL is applied to a file or a folder. 
  1. Read & Execute and List Folder Contents (folders only) assigns Special Permissions as outlined below.
  2. List Folder/Read Data is one of those Special Permissions.  


            Image descriptionImage description

For more information, see the Microsoft article entitled How Permissions Work. In that article is the following explanation on how List Folder Contents (folders only) and Read & Execute differ:

Although List Folder Contents (folders only) and Read & Execute appear to have the same special permissions, these permissions are inherited differently. List Folder Contents (folders only) is inherited by folders but not files, and it should only appear when you view folder permissions. Read & Execute is inherited by both files and folders, and it is always present when you view file or folder permissions. 

              

 
Tags (97)
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-23 09:42 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.