Reviewer can't see some events in iConsole when using Data at Rest

Document ID:  TEC1619779
Last Modified Date:  06/20/2017

Products

  • CA Data Protection

Releases

  • CA Data Protection:Release:14.5
  • CA Data Protection:Release:14.6
  • CA Data Protection:Release:15.0
  • CA Data Protection:Release:15.1
  • CA Data Protection:Release:15.2

Components

  • CA DataMinder Active Policy Management:DLPAPM
Introduction:

A reviewer is unable to see events in the iConsole when those events were raised by the Data at Rest policy, even though the groups and permissions appear to be correct.

Question:

A user set up with an Administrator account (no RLS) can see all events, including events raised by the Data at Rest policy, but a reviewer is unable to see all of them.

Is RLS (Row Level Security) applied to events that are using the Data at Rest policy for the reviewer?

Environment:
All
Answer:

The issue is the type of Security model set up for the reviewer.

The Administrator account has no RLS applied: its security model is 'Unrestricted', so a review run in the iConsole is not restricted by RLS and can show all of the Data at Rest file movement recorded when a policy fires.

The reviewer in question has the default management group security model, which can be seen in the Admin console under Tools > Manage Security Models.

Because the Data at Rest policy is not user (RLS) based, the reviewer in this question/case also needs access to the 'Policy model' in order to see Data at Rest policy violations/events. See the user's properties for the type of security model applied to that reviewer.

It is common to apply a hybrid approach here, giving the reviewer access to events raised by policy as well as to events from the groups they manage.

However, if the reviewer is only required to see Data at Rest policy events, only the Policy model is required.


The reason the logic works this way is that a user may have access to a machine they are copying a file to, but the receiving machine is not necessarily user based: if the file is open to anyone logging on to that machine, it would be incorrect to record the file movement as going to another user. For that reason only the machine name is captured.


Additional Information:

The computer name is stored in the wgn3address table, taken from the machine on which the Scan job was run.
This name cannot be mapped in the Admin console to any user or reviewer, so the associated events cannot be viewed under the management security model.
To resolve this issue, map the reviewer to the Policy model. Please see the Admin guide and the iConsole guide for setting up a reviewer to see events by policy.

To use both the managed group and the Policy model, a hybrid model is required.

To set up the hybrid user account:

Note: a DBA may be required to create the hybrid user and schema in order to progress.

The initial setup was to see All Policies; because the current data already had classes set, the reviewer could successfully see the required events.
It is possible to create additional classes of events, which can then be added to a refined policy role.
Note: when testing, the new data classes will not appear in events until those events are triggered again (a fresh run and usage is required).
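As an added illustration (not CA Data Protection's own code), the following small Python model captures the access logic described above: a management-group reviewer is matched against the originating user, a Policy-model reviewer against the policy that fired, and a Data at Rest event carries only a machine name, so it can never match a managed group. The model names, event fields and sample events are constructed assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Event:
    event_id: int
    policy: str              # policy that fired, e.g. "Data at Rest"
    user: Optional[str]      # originating user; None for Data at Rest file movement
    machine: str             # machine name captured from the scan (wgn3address)


@dataclass
class Reviewer:
    name: str
    model: str                                        # unrestricted / management / policy / hybrid
    managed_users: Set[str] = field(default_factory=set)   # users in the reviewer's management group
    policies: Set[str] = field(default_factory=set)        # policies granted under the Policy model


def visible(reviewer: Reviewer, event: Event) -> bool:
    """Apply the reviewer's RLS model to one event (illustrative, not the product's logic)."""
    if reviewer.model == "unrestricted":          # Administrator: no RLS applied
        return True
    # Data at Rest events have no user, so the group test can never succeed for them.
    by_group = event.user is not None and event.user in reviewer.managed_users
    by_policy = event.policy in reviewer.policies
    if reviewer.model == "management":
        return by_group
    if reviewer.model == "policy":
        return by_policy
    if reviewer.model == "hybrid":                # hybrid: either route grants visibility
        return by_group or by_policy
    raise ValueError(f"unknown security model: {reviewer.model}")


def review(reviewer: Reviewer, events: List[Event]) -> List[int]:
    """Return the ids of the events this reviewer would see in the iConsole."""
    return [e.event_id for e in events if visible(reviewer, e)]


# Constructed sample events: two user-based events and one Data at Rest event.
EVENTS = [
    Event(1, "Email Content", "alice", "WS-ALICE"),
    Event(2, "Email Content", "bob", "WS-BOB"),
    Event(3, "Data at Rest", None, "FILESRV01"),   # only the machine name is captured
]

if __name__ == "__main__":
    for r in (Reviewer("admin", "unrestricted"),
              Reviewer("rev", "management", managed_users={"alice"}),
              Reviewer("rev", "policy", policies={"Data at Rest"}),
              Reviewer("rev", "hybrid", {"alice"}, {"Data at Rest"})):
        print(r.model, review(r, EVENTS))
```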
