DataGuard settings

 Top  Download  Previous  Next

Default rights

As a result of the migration of settings from nVision 9, a set of default rights is created by aggregating the rights that have been granted so far to the Agents and to the superior entity of Active Directory (the highest level of “AD trustees”) so that it will include the maximally restrictive set of rights. As a result of the aggregation, more restrictive are:

blocking the carrier,

enabling the audit of file operations on the carrier.

Setting the maximally restrictive set of rights as the “Default rights” is necessary to ensure the continuity of data protection against data leaks for each new user directly after the migration.

 

 

Transferring DataGuard settings:

The parent group “DataGuard Rules” with no defined custom settings will be created.

The DataGuard rights assigned to the Atlas in nVision 9 are compared to the default rights in nVision 10. Then, the “Group from Atlas” is created as a subgroup of the “DataGuard Rules” parent group where any rights different from the default rights are assigned. The rights with the same values as those that previously existed in the Atlas are assigned to this group. The assigned rights are the individual rights for this group.

For each map a group named “Group from map X” is created. It is a subgroup of the Atlas group or the superior map from the previous version of the program. Any rights different from the rights of the superior map group or the Atlas group are assigned to this group as individual rights.

For each Agent that was using the individual DataGuard rights, the “Group from device X” is created where users working on this Agent in nVision 9 are assigned.

The account of each non-domain user is placed in groups corresponding to the Agents they were working on. If a user was working on more than one computer, they will be assigned to all groups corresponding to the Agents they were working on.

 

The result of the migration is the representation of rights resulting from the structure of Atlas, maps and Agents in nVision 9 by means of a diagram of user groups which is simplified as much as possible. The final structure of nVision 10 only includes the groups that change the rights in any way. The DataGuard rights of domain users are not changed.

 

 

Additional information:

After the migration to nVision 10, more restrictions may be imposed on each new user, even if they are created on an Agent that previously had no blockades in the DataGuard module.

As the superior entity of “Active Directory” that aggregated rights for all users from AD is deleted, all settings which were defined in it will be lost. The remaining rights of groups and users from Active Directory are in no way modified during the migration process.

As a result of the migration, it may turn out that users from Active Directory receive higher restrictions. This may be the case when the data carrier in nVision 9 was blocked at the Atlas level and a user from Active Directory had access to it as the additional rule providing access to this carrier was defined in the superior entity of “Active Directory”.

Program in version 10 irretrievably loses the ability to define DataGuard rules at the host level. Thus, it is no longer possible to block and audit users on indicated devices only. Each user always has the same set of rules regardless of the computer they are currently logged on to.