Using this feature, PEM Administrator reports the access level permissions for any files based on the combination of Principals and Access Type specified in the Expression field of the Windows platform. Multiple expressions can be grouped into one access bundle, then these bundles can be added to protection policies and subsequently used in the Targets. When executed, the policy will locate files having associated access control or permission that the user has specified in the access bundle(s). These files will be reported as a Smartcrypt Discovery event in the DSI reporting where a detailed view of the discovery event appears.
To access this screen, go to Discovery > Access Bundle.
Add an Access Bundle
To add an access bundle, follow the below steps:
Click Add button. This opens Add Access Bundle screen.
Enter the name of the bundle in Name field.
Check the Enabled checkbox to enable the access bundle. If this option is disabled, the access bundle will not appear in File Protection Policy screen.
Specify rule or criteria in the Expression field. Using this field, a combination of rules can be generated based on access rights of the files. A set of multiple rules can be defined in this field using logical operators like And, OR, or Not.
To create an expression, follow the below steps:
Select the Object Type from the given list. There are three Object Types:
BuiltIn – This option allows you to select Principals from the list of Windows Built-in Security Principals.
User - This option allows you to search and add the specific users in the Principal field.
Group – This option allows you to search and add the Groups in the Principal field.
Select required access type from the list i.e., equal, or unequal.
Select the principal from the given list of drop-down like administrator, everyone and AD users and groups. Values in the Principal field are dependent on the Object Type selected.
Select the permission type or access rights from the given list of drop-down i.e., read, write, execute, etc. The user needs to select exact permission type, i.e., modify will not trigger on full control or read & write permission. Therefore, an access right must be selected very carefully.
Multiple expressions or rules in the same access bundle can be created by adding a row or a group. To do so, click Add Row or Add Group button and select the required logical operator.
Click Save button to save the details else click Cancel.
For example, in the below screenshot, an expression is created stating to report all those files that either have Domain Administrators with full control or an AdminAPI group with Modify permission. Applying this rule will discover all files which satisfy this condition.