Prerequisites
Make sure your system fits the descriptions below before starting the installation.
Software Requirements
File Access Manager requires the latest ASP.NET Core 6.0.x Hosting Bundle. This bundle consists of the .NET Runtime and the ASP.NET Core Runtime. You can download the latest 6.0.x Hosting Bundle version from here.
Backup Operator Privileges
The user configured in the permissions prerequisites section must be a member of the local Backup Operators group of the file server. This membership eliminates the need to grant the File Access Manager user explicit permissions on every folder on the file server. By using the Backup Operator privilege, File Access Manager can crawl, collect permissions, and classify data even if the user does not have explicit permissions to the folder.
Permissions
File Access Manager requires different permissions depending on the task being performed. The user configured in the Application configuration wizard must have the following permissions on the file server:
- Share Read permissions to all shares on the file server
- Full Control permission for each normalized folder
- Member of the local Backup Operators group on the file server
- Member of the local Administrators group on the file server
Why do we need this access?
The following detailed explanation describes the permissions required by each File Access Manager task:
Activity Monitoring
- No special permission is required, since the Activity Monitor service runs locally on the monitored service with Local System privileges.
Crawling
- The user must have Share Read permissions to all the shares on the file server.
- The user must be a member of the local Backup Operators group on the file server.
Permission Collection
- The user must have Share Read permissions to all the shares on the server.
- The user must be a member of the local Backup Operators group on the server.
- The user must be a member of the local Administrators group to read the Share Permissions, and the local Users and Groups of the server.
Access Fulfillment
- The user must have Full Control permission on the normalized folders to be able to set the permissions.
Data Classification
- The user must have Share Read permissions for all the shares on the server.
- The user must be a member of the local Backup Operators group on the server.
Communications Requirements
Requirement | Source | Destination | Port |
---|---|---|---|
File Access Manager Message Broker | Permissions Collector/Data Classification Collector | RabbitMQ | 5671 |
File Access Manager Access | Activity Monitor | File Access Manager Servers | 8000-8008 |
Permissions Collector & Data Classification Analysis | Permissions Collector/Data Classification Server | Monitored server | CIFS/SMB (139, 445) |
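The following PowerShell script is an added example, not part of the File Access Manager product or its documentation. It checks the prerequisites listed in the Permissions and Communications Requirements sections from the monitored file server. The account name `CONTOSO\svc-fam` and the host `fam01.contoso.example` are hypothetical placeholders; the group and share checks match direct entries only, so access granted through a nested group is reported as missing.

```powershell
# Added example: pre-installation check, run in an elevated session on the monitored file server.
# $Account and $FamServer defaults are hypothetical placeholders; replace them with your own values.
param(
    [string]$Account   = 'CONTOSO\svc-fam',
    [string]$FamServer = 'fam01.contoso.example'
)

function Test-LocalGroupMembership {
    param([string]$Group, [string]$Account)
    # Direct membership only; membership through a nested domain group is not resolved.
    $members = Get-LocalGroupMember -Group $Group -ErrorAction Stop
    return [bool]($members | Where-Object { $_.Name -ieq $Account })
}

$results = @()

# Local group memberships required for crawling, permission collection and data classification.
foreach ($group in 'Backup Operators', 'Administrators') {
    $results += [pscustomobject]@{
        Check  = "Member of local '$group'"
        Passed = Test-LocalGroupMembership -Group $group -Account $Account
    }
}

# Share Read on every non-administrative share. Any Allow entry (Read, Change or Full)
# that names the account directly counts; entries for groups such as Everyone are not matched.
foreach ($share in Get-SmbShare -Special $false) {
    $ace = Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccountName -ieq $Account -and $_.AccessControlType -eq 'Allow' }
    $results += [pscustomobject]@{
        Check  = "Share access on '$($share.Name)'"
        Passed = [bool]$ace
    }
}

# Activity Monitor to File Access Manager servers, TCP 8000-8008.
foreach ($port in 8000..8008) {
    $open = Test-NetConnection -ComputerName $FamServer -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
    $results += [pscustomobject]@{
        Check  = "TCP $port to $FamServer"
        Passed = [bool]$open
    }
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

The RabbitMQ (5671) and SMB (139, 445) paths originate from the Permissions Collector or Data Classification host, so test those ports from that machine rather than from the file server.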