How open shares are reported in Data Insight

book

Article ID: 100039059

calendar_today

Updated On:

Description

Description

Shares are incorrectly listed as "open" or "not open," in Data Insight.

  • Shares that were initially listed as "not open" are now listed as "open."
  • Shares that, at the root level, are expected to be "not open" are marked as "open."

A share is considered to be open based on the permissions that are assigned to it. You can define the parameters that determine whether a share should be considered as open. However, the open share policy does not allow you to define specific permissions that render a share open.

One of the following parameters determine whether a share is open:
  •  If certain group has access to a share, either directly, or as a nested group
  •  If more than a certain number of users have access to the share

Additionally, you can also specify granular criteria for examination, such as:
  • The level at which Data Insight should start examining the paths
  • The number of levels deep to examine the path permissions

Below are the default "open share" policy values:
  • List of groups: Domain Users or Everyone
  • No of users who have access to the share: 500
  • Level to start examining permissions: 1
  • Depth to examine: 3

According to the information above, any share that is accessed by the Domain Users/Everyone group, or by more than 500 users is considered to be open. For this purpose, the ACLs are examined from level 1 (root being level 0), and all folders three levels down are examined.


Example:

An initially non-open share, with the following permissions will be marked as open if a sub-folder is created, with "Everyone" listed in the ACL. The share will be marked as "open," after the "Dashboard Computation" is executed by default, daily at midnight.



Figure 1: Initial share status
 
User-added image



Figure 2: Initial share permissions

User-added image



Figure 3
 
User-added image



After adding a sub-folder (folder "4" in this example), the status of the parent share ("user.one") changes to "Open" after a scan cycle. This is due to the ACL settings of folder "4" as shown in Figure 4 below, combined with the Data Insight "Open share" policy settings.  The default policy will flag a share as "open" if the "Everyone" has access to content of a share.  
In the present example, "Everyone" will be able to access the content of "\\iadata01.iasyd.veritas.com\user.one\4"


Figure 4
 
User-added image



Figure 5
 
User-added image



Figure 6
 
User-added image

Issue/Introduction

How open shares are reported in Data Insight
Powered by Wolken Software