Previous Topic: Default Policies for File EventsNext Topic: Mapping Email Addresses to Users

Platform Deployment GuideMapping Events to UsersMapping File Events to UsersSearching for Files If No Participants Are Specified

Searching for Files If No Participants Are Specified

Typically, a file import job or FSA scanning job explicitly specifies the event participant. But in addition, if Event Import or the FSA are importing or scanning local files, CA DataMinder automatically associates these file events with the source machine. This ensures that reviewers can search for these file events even if Row Level Security (RLS) is enabled. However, you must add the source machine ID to the address list of an appropriate CA DataMinder user.

How does RLS affect file searches?

RLS is implemented by default when you install a CMS database. RLS ensures that a reviewer can only see events associated with users in their management group when searching the CMS database. However, RLS also means all events must have a participant, otherwise reviewers cannot see them. But file events are problematic in this respect because, unlike emails or IM conversations, there may be no obvious user (that is, no obvious participant) associated with a file. This is particularly true of files scanned or imported from a network server rather than an employee’s workstation.

Note:  Reviewers can override RLS restrictions and search for any events if they have the ‘Admin: Disable management group filtering’ administrative privilege. See the Administration console help for details; search for ‘privileges’.

Source machine ID stored as an event participant

If RLS is enabled, a file event must have a participant to be searchable. Therefore, as a fail-safe mechanism CA DataMinder automatically associates file events with the source machine if Event Import or the FSA are importing or scanning local files (but see the note below). This ensures that each file has a participant, even if the import job or scanning job omit to explicitly identify one. In turn, this allows reviewers to search for these files and determine which machine they originate from (providing these machine IDs have been associated with a CA DataMinder user account).

In technical terms, CA DataMinder automatically stores the source machine ID (this is the server hosting Event Import or the FSA) in the address table in the CMS database. For example:

cn=UX-MILAN-W2K3, cn=computers or cn=10.130.2.28, cn=computers

More information:

Network Boundary Agent (NBA)

File Scanning Agent (FSA)

Event Import