Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
governance [2020_04_27 09:32] dangovernance [2024_03_18 21:10] (current) – [2 Permissions and access control] steven
Line 4: Line 4:
 ===== 1 User Management ===== ===== 1 User Management =====
  
-{{:/governance:steps:sme_1_user_management.png}}+{{ ::screenshot_2020-10-30_at_15.23.05.png?600 |}}
  
 Users and user roles can be controlled directly by the Cloud Administrator when setting up the Cloud File Server. Users and user roles can be controlled directly by the Cloud Administrator when setting up the Cloud File Server.
Line 10: Line 10:
 ===== 2 Permissions and access control ===== ===== 2 Permissions and access control =====
  
-{{:/governance:steps:sme_2_permissions_and_acce.png}}+{{ ::screenshot_2020-10-30_at_15.25.15.png?600 |}}
  
 Once shared folders for the Cloud File Server have been added, the Cloud File Server Admin can control access to folders and sub folders using an access control list. If a user has no permission to a folder the folder is not displayed at all in their file tree. Once shared folders for the Cloud File Server have been added, the Cloud File Server Admin can control access to folders and sub folders using an access control list. If a user has no permission to a folder the folder is not displayed at all in their file tree.
  
-FAQ: We often get asked if we support Active Directory integration. We support Active Directory integration, and this enables single sign on and group permissions federation. You can find more about Active Directory integration on our Wiki [[organisationcloud/activedirectory|here]].+FAQ: We often get asked if we support Active Directory integration. We support Active Directory integration, and this enables single sign on and group permissions federation.
  
  
Line 20: Line 20:
  
  
-{{:/governance:steps:sme_3_notifications.png}}+{{ ::screenshot_2020-10-30_at_15.27.16.png?600 |}} 
  
-The Cloud File Server Admin can setup notifications. Notifications are based upon rules that are invoked on file events. If a file of a certain description, file name or extension is uploaded, updated, viewed etc, then the nominated users can receive notification alerts.+The Access Anywhere Admin can setup Audit Watch notifications. Notifications are based upon rules that are invoked on file events. If a file of a certain description, file name or extension is uploaded, updated, viewed etc, then the nominated users can receive notification alerts.
  
  
 ===== 4 Event Auditing and Other Governance Options ===== ===== 4 Event Auditing and Other Governance Options =====
  
-Event logging is built into the Cloud File Server and it works above any storage provider that is mapped to the File Fabric. Which types of events are logged can be controlled by the org. admin from the Security tab of the Policies page:+Event logging is built into Access Anywhere and it works above any storage provider that is mapped to Access Anywhere. Which types of events are logged can be controlled by the org. admin from the Security tab of the Policies page: \\ \\
  
 {{ :cloudappliance:cloudappliance:syslog:events_to_log.png?direct&600 |}} {{ :cloudappliance:cloudappliance:syslog:events_to_log.png?direct&600 |}}
Line 33: Line 33:
 ===== 5 Displaying and Filtering Event Logs ===== ===== 5 Displaying and Filtering Event Logs =====
  
-The org. admin can view the events belonging to the org. on the Audit Events Log page which is accessed from the admin's Organization pull-down menu:+The org. admin can view the events belonging to the org. on the Audit Events Log page which is accessed from the admin's Organization pull-down menu: \\ \\
  
-{{ :cloudappliance:audit_events_log.png?direct&600 |}}+{{ :cloudappliance:audit_events_log.png?direct&600 |}} \\ \\
  
  
Line 42: Line 42:
 **Search logs** **Search logs**
  
-The contents of the Log field will be filtered by the value you provide here without regard to case.+The contents of the Log field will be filtered by the value you provide here without regard to case. \\ \\
  
-{{ :cloudappliance:better_logs.png?direct&400 |}}+{{ :cloudappliance:better_logs.png?direct&400 |}} \\ \\
  
 **Type** **Type**
  
-Events are classified by type.  You can filter by any single type or allow all types:+Events are classified by type.  You can filter by any single type or allow all types: \\ \\
  
-{{ :cloudappliance:type.png?direct&200 |}}+{{ :cloudappliance:type.png?direct&200 |}}\\ \\
 **User, Date and Tool** **User, Date and Tool**
  
-You can also filter by the user whose action caused the events, the date or range of dates during which the events occurred, and the tool that was used. +You can also filter by the user whose action caused the events, the date or range of dates during which the events occurred, and the tool that was used. \\ \\ 
-{{ :cloudappliance:user_date_range_and_tool.png?direct&200 |}}+{{ :cloudappliance:user_date_range_and_tool.png?direct&200 |}} \\ \\
  
 The date range is inclusive.  To select events for a specific date set that date as both the From date and the To date. The date range is inclusive.  To select events for a specific date set that date as both the From date and the To date.
Line 61: Line 61:
 You can set values in any or all of the five filters and then search.  The filters are logically combined so that only events that qualify for all of the filter values that have been set are displayed. You can set values in any or all of the five filters and then search.  The filters are logically combined so that only events that qualify for all of the filter values that have been set are displayed.
  
-Use the Search button at the bottom left of the page to re-filter the results after you change a filter value. You can reset all of the filters to their default (no value) state by clicking in the link under the Search button. +Use the Search button at the bottom left of the page to re-filter the results after you change a filter value. You can reset all of the filters to their default (no value) state by clicking in the link under the Search button. \\ \\ 
-{{ :cloudappliance:search_and_reset.png?direct&200 |}}+{{ :cloudappliance:search_and_reset.png?direct&200 |}} 
 === Exporting Audit Logs === === Exporting Audit Logs ===
 Your filtered set of audit log entries can be downloaded in four forms: Your filtered set of audit log entries can be downloaded in four forms:
Line 70: Line 70:
   * PDF file as a formatted report   * PDF file as a formatted report
  
-Access these three options from the Export pulldown near the top of the Audit Event Logs page:+Access these three options from the Export pulldown near the top of the Audit Event Logs page: \\ \\
 {{ :cloudappliance:ael_-_export.png?direct&200 |}} {{ :cloudappliance:ael_-_export.png?direct&200 |}}
 === Archiving and Erasing Audit Logs === === Archiving and Erasing Audit Logs ===
-Because audit log entries accumulate quickly you will probably want to archive the entries from time to time and then erase them.  You can access archiving and deletion features from the Options pulldown near the top of the Audit Event Logs page: +Because audit log entries accumulate quickly you will probably want to archive the entries from time to time and then erase them.  You can access archiving and deletion features from the Options pulldown near the top of the Audit Event Logs page: \\ \\ 
-{{ :cloudappliance:ael_-_archive_and_erase.png?direct&200 |}} +{{ :cloudappliance:ael_-_archive_and_erase.png?direct&200 |}} \\ \\ 
-To archive the audit log entries, select Archive from the pulldown menu and a confirmation box will be displayed: +To archive the audit log entries, select Archive from the pulldown menu and a confirmation box will be displayed: \\ \\ 
-{{ :cloudappliance:archive_confirm.png?direct&200 |}}+{{ :cloudappliance:archive_confirm.png?direct&200 |}} \\ \\
 Click on Archive to proceed or Cancel to cancel. Click on Archive to proceed or Cancel to cancel.
  
-If you proceed a background task will be created which will create a zip file containing the audit log entries.  If you care to inspect the background task, find its entry on the Tasks tab of the File Manager page:+If you proceed a background task will be created which will create a zip file containing the audit log entries.  If you care to inspect the background task, find its entry on the Tasks tab of the File Manager page:  
 {{ :cloudappliance:archive_cloud_task.png?direct&600 |}} {{ :cloudappliance:archive_cloud_task.png?direct&600 |}}
  
 Audit logs archives will be placed by the background task in an Audit logs Archive directory in the admin's root directory: Audit logs archives will be placed by the background task in an Audit logs Archive directory in the admin's root directory:
 +
 {{ :cloudappliance:audit_logs_archive.png?direct&400 |}} {{ :cloudappliance:audit_logs_archive.png?direct&400 |}}
 +
 Select Erase Logs from the pulldown menu to erase old audit log entries. Select Erase Logs from the pulldown menu to erase old audit log entries.
 <WRAP center round important 60%> <WRAP center round important 60%>
-When you erase audit log entries they will no longer be available from the File Fabric.  If you need a historical record, archive these entries before you delete them and be sure that the archive job has completed successfully prior to proceeding.+When you erase audit log entries they will no longer be available from Access Anywhere.  If you need a historical record, archive these entries before you delete them and be sure that the archive job has completed successfully prior to proceeding.
 </WRAP> </WRAP>
-When you erase audit log entries, only entries from before a date that you select will be erased:+When you erase audit log entries, only entries from before a date that you select will be erased:  
 {{ :cloudappliance:erase_logs_date.png?direct&200 |}} {{ :cloudappliance:erase_logs_date.png?direct&200 |}}
 +
 After you have selected the date click on Erase to proceed or click on Cancel if you have changed your mind. After you have selected the date click on Erase to proceed or click on Cancel if you have changed your mind.
  
 === Tracing Downloads by Watermark === === Tracing Downloads by Watermark ===
-The File Fabric provides a [[watermarking|]] feature that affixes a random watermark code to downloaded PDF files. You may sometimes want to learn the details of when a watermarked file was downloaded.  To do this, click on the Watermarking Logs link near the top of the Audit Event Logs page: +The Access Anywhere provides a [[watermarking|]] feature that affixes a random watermark code to downloaded PDF files. You may sometimes want to learn the details of when a watermarked file was downloaded.  To do this, click on the Watermarking Logs link near the top of the Audit Event Logs page:
-{{ :cloudappliance:ael_watermarking_logs.png?direct&400 |}}+
  
-This will take you to the Watermarking Logs page:+{{ :cloudappliance:ael_watermarking_logs.png?direct&400 |}} 
  
-{{ :cloudappliance:watermarking_logs.png?direct&400 |}}+This will take you to the Watermarking Logs page:  
 + 
 +{{ :cloudappliance:watermarking_logs.png?direct&400 |}} 
  
 When this page loads it displays a list of all watermarked file downloads in reverse chronological order.  To search for downloads for files with a specific watermark code, enter some or all of the code in the Watermark Code text box and click on Filter.  The text you entered will be used without regard for case to filter the watermark downloads by the code in the first column.  You can clear the filter with the "Clear filter" button. When this page loads it displays a list of all watermarked file downloads in reverse chronological order.  To search for downloads for files with a specific watermark code, enter some or all of the code in the Watermark Code text box and click on Filter.  The text you entered will be used without regard for case to filter the watermark downloads by the code in the first column.  You can clear the filter with the "Clear filter" button.
  
-===== 6 Recording GEO locations =====+### Also See
  
 +[[cloudappliance/syslog|Integrating Audit logs with Syslog]]
 +
 +===== 6 Recording GEO locations =====
  
  
-{{:/governance:steps:sme_6_recording_geo_locati.png}}+{{ :screenshot_2020-10-30_at_16.07.24.png?600 |}} 
  
 GEO locations are recorded with regards to where a file was uploaded from and also where a file was uploaded to. This can ensure companies comply with electronic data laws and international compliance regimes GEO locations are recorded with regards to where a file was uploaded from and also where a file was uploaded to. This can ensure companies comply with electronic data laws and international compliance regimes
Line 113: Line 122:
 ===== 7 Disable File Sharing ===== ===== 7 Disable File Sharing =====
  
 +{{ ::screenshot_2020-10-30_at_16.10.52.png?600 |}}
  
 +The Access Anywhere Admin can disable any sharing or collaboration features of Access Anywhere entirely by disabling the ability for any user to do any form of file sharing or collaboration from Access Anywhere policies page.
  
-{{:/governance:steps:sme_7_disable_file_sharing.png}}+===== 8 Controlling User Access to Storage =====
  
-The Cloud FIle Server Admin can disable any sharing or collaboration features of the Cloud File Server entirely by disabling the ability for any user to do any form of file sharing or collaboration.+{{ ::screenshot_2020-10-30_at_16.14.21.png?600 |}}
  
 +As the Organization, or individual users, may (if configured) user other storage , it is preferable for these to be controlled as part of Access Anywhere rollout in a company. If available this will also enable that auditing, event logging etc for such storage. The Access Anywhere admin can decide which storage a user can add. 
  
-===== 8 Controlling other Data Clouds ===== +For example if each user has a corporate Google Apps account, then the Admin can enable users to add this directly (with any use also being monitored and audited.
- +
- +
- +
-{{:/governance:steps:sme_8_controlling_other_da.png}} +
- +
-As the Organization, or individual users, may user other information clouds, it is preferable for these to be controlled as part of the Cloud File Server rollout in a company. This will enable that any auditing, event logging etc can be setup for such clouds. The Cloud File Server admin can decide which Clouds a user can add.  +
- +
-For example if each user has a corporate Google Apps Docs account, then the Admin can enable users to add this directly, and any use of it can also be monitored and audited.+
  
  
 ===== 9 Encryption options ===== ===== 9 Encryption options =====
  
-{{:/governance:steps:sme_9_encryption_options.png}}+{{:/governance:steps:sme_9_encryption_options.png}} 
  
-Cloud Admins can choose for all files to be encrypted when stored on Cloud. This encryption is AES 256 bit military grade encryption.+Cloud Admins can choose for all files to be encrypted when stored on private / cloud storage. This encryption is AES 256 bit military grade encryption
 + 
 +See the [[cloudencryption|encryption section]] for further information.
  
  
 ===== 10 File versioning Options ===== ===== 10 File versioning Options =====
  
-{{:/governance:steps:sme_10_file_versioning_opti.png}}+{{:/governance:steps:sme_10_file_versioning_opti.png}} 
  
 To ensure the lifecycle of a file is tracked then file versioning can be turned "on" which results in all changed versions of a file being kept rather than overwritten. To ensure the lifecycle of a file is tracked then file versioning can be turned "on" which results in all changed versions of a file being kept rather than overwritten.
  
 +For further information see the [[versions|versioning section]].
 +
 +### Also See
 +
 +* [[features/md5hash|File Verification]]  
 +* [[geoip|IP white listing / black listing]]  
 +* [[antivirus|Virus Scanning Protection]]  
 +* [[watermarking|Watermarking Documents]]