Excluding Accounts from File Access Manager Processes
Administrators use the Account Exclusions setting to exclude specific accounts from appearing in various reports or activities. This might include bots that access resources often,. But should not be considered for data ownership, or sensitive accounts, that we might not want appearing on activity reports.
Types of Exclusions
There are three types of exclusions:
Goal Exclusions
Exclude specific accounts from the data owner’s election process. The excluded users will not participate in the Data Owner Election, neither as candidates nor as voters.
Sensitive Account Exclusions
The permissions and activities of the excluded accounts will be visible to Administrators only. Select User / Group accounts, or use a prefix. All the direct members of an excluded group will be excluded.
Once an account is on the exclusion list, data owners will not be able to see those accounts in the following screens:
-
Resources > Activities >Access Frequency
-
Resources > Permissions > Simple View
-
Resources > Permissions > Excess View
-
Resources > Permissions > Tree
-
Resources > Owners
Forensics
Alert Exclusions
Alert Rules will ignore all activities performed by the excluded users.
Adding Accounts
To open the exclusion screen, go to Settings > Account Exclusions.
To add a single account:
-
Select +Add Account.
-
Search for a user from the combo box.
-
Select Add.
To add accounts in bulk:
-
Go to Settings > Account Exclusions > [X] Exclusions, and select Bulk Upload.
For example: Settings > Account Exclusions > Goal ExclusionsA Bulk Actions dialog box displays.
-
to download a sample CSV file, select Download Sample File.
-
In the CSV file, fill in the relevant fields Domain Name, Username, account type (if required) , as relevant
-
Save and upload the file.
-
A status popup appears with the upload status.
-
The Exclusions grid refreshes automatically with the uploaded accounts.
Searching for Users or Accounts to Exclude
-
Type the user or account name, or the first few characters of the name, in the Search box. You can select the account type - Group or User - where these filters are present. If this option is not available, the default is user account.
-
Select Add to add the exclusion or Clear to delete the exclusion selected.
-
To search for a current excluded account, type the excluded account name, or the first few characters of the name, in the Search box at the top right of the screen.
Starts With
If you are using the “starts with“ operator (where supported), the application will not display a list of candidates. Type in one or more letters of the prefix of the accounts to exclude from this list. All the accounts in the system that start with the string provided will be excluded.
The free text that you type in the Account to be Excluded field when you select the “starts with” operator can only be a user/group name, and cannot include a domain name.
Deleting Accounts/Groups
Select the dropdown menu to the left of a username, and select Delete.
To delete more than one account, select the accounts to delete, and select the Delete icon.
Removing Accounts from the Exclusion List
To remove accounts from the exclusion list:
-
Filter the list of accounts using the filter field.
-
For a single account
- Select Delete from the Actions menu on the row of the account to delete.
-
For multiple accounts
-
Select the required accounts by selecting the checkbox on the account row.
-
Select the Delete icon.
-