Data Loss Prevention

Hi,

can anyone explain why Data Insight classes a deleted user (showing the SID) as an 'active user' in the permissions reports?

Many thanks

tanngo,

There may be multiple other things that could be affecting this, but the first thing that comes to mind is how often you have Data Insight scheduled to update the Active Directory user information. If it is not scheduled to update on a regular basis, you may simply have outdated information inside Data Insight. It uses an index of AD to display information in reports and permissions views. If it is a recent change, you may want to simply sync up the index under the Directories section. If this isn't the case, you may want to look at speaking with support to let them check into the issue.

Tanngo:

In the Symantec DataInsight (SDI) reports for permissions there are several choices:

Inactive Users

Path User User Account BU Name Custodian

Path Permissions

PermissionsTable
File Server,Access Path,Path Name,Path Type,Trustee Type,User Name,User Account,Path Inheritance,Group Membership,BU Name,BU Owner,Permission,User State,DFS Path,Permission Type,Apply to,user_id,Uniqueness,Share Point level,Member Count,A.group_id,A.user_name,A.user_account,A.user_id,

Entitlement Review

User / Group Permissions

MembershipTable
User Name,User Account,Group Name,user_id,
 

Are you seeing the user on data that has not aged off and the user previously had access permissions or events for the data or are you seeing the user reported as active on new data?

Which report is providing the information to you?

I suspect you are seeing an Entitlement Review showing  the user as Active and would ask what the field

Inactive Time Period :
Last  3 MONTHS (default)

is set to? (under the report you created click on the configuration tab to modify the default. To get to the tab use Select Action, Edit)

I see my post button was awaiting me when the last entry came up.

I believe the other side of the issue is how long the data is valid for.

Rod