File Access Manager Applications
File Access Manager enables enterprises to discover and govern access to sensitive data and better address the security threat to unstructured data. As a key component of SailPoint's Identity Governance strategy, it lets organizations take a comprehensive approach to governing access across all users, applications and data with enhanced visibility while reducing risk.
Use File Access Manager to:
- Identify and govern access to exposed sensitive data found within cloud and on-premises file stores.
- Enable business users to manage access to data they know best, alleviating IT burden and over-permissioned access.
- Leverage a comprehensive identity governance solution that extends to unstructured data throughout the enterprise.
When you create a new application of type File Access Manager, the application by default starts with an alert schema, as well as unstructured and associations schemas. The unstructured and associations schemas define the makeup of the Target and TargetAssociation objects respectively.
For more information, you can also refer to the File Access Manager documentation.
File Access Manager Attributes/Configuration
Schemas are defined on the Configuration tab. If an alert schema is defined, this will include the configuration needed to set up the Alerts. If the Unstructured schema is defined, this will include the configuration needed to set up the Target / Target Permissions.
Connection Settings
- Database URL - the JDBC connection URL for the File Access Manager database.
- Driver Class - the SQL Server JDBC driver class to use for the connection. This should be the driver shipped for the version of SQL Server you are using with File Access Manager; the class must be contained in the corresponding SQL Server JDBC jar file, placed in your IdentityIQ installation's \lib directory.
- UserName - the database user name.
- Password - the password for the configured user name.
- Schema - the schema used for the File Access Manager database.
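The following is an added example, not SailPoint's code, showing the checks a practitioner would want to run over the connection settings before saving them: that the URL really is a SQL Server JDBC URL, that the Microsoft driver class is named, that `encrypt=true` is set and `trustServerCertificate=true` is not, and that credentials live in the UserName/Password fields rather than inside the URL. The dict keys (`url`, `driverClass`, `user`, `password`) and the sample host and account names are assumptions standing in for the fields described above, not the connector's real attribute names.

```python
"""Check File Access Manager connection settings before they are saved.

Added example, not SailPoint's code. The settings dict keys (url, driverClass,
user, password) are assumptions standing in for the Database URL, Driver Class,
UserName and Password fields of the application definition.
"""

SQLSERVER_DRIVER = "com.microsoft.sqlserver.jdbc.SQLServerDriver"  # Microsoft JDBC driver class
URL_PREFIX = "jdbc:sqlserver://"
DEFAULT_PORT = 1433  # SQL Server default when the URL names no port


def parse_sqlserver_url(url):
    """Split jdbc:sqlserver://host[:port][;name=value]... into (host, port, props).

    Property names are lower-cased; the Microsoft driver treats them case-insensitively.
    """
    if not url.startswith(URL_PREFIX):
        raise ValueError("not a SQL Server JDBC URL: %r" % url)
    parts = url[len(URL_PREFIX):].split(";")
    host, _, port = parts[0].partition(":")
    props = {}
    for part in parts[1:]:
        if part:
            name, _, value = part.partition("=")
            props[name.strip().lower()] = value.strip()
    return host, int(port) if port else DEFAULT_PORT, props


def check_connection_settings(settings):
    """Return a list of findings; an empty list means the settings look sound."""
    findings = []
    try:
        host, port, props = parse_sqlserver_url(settings.get("url", ""))
    except ValueError as exc:
        return [str(exc)]
    if settings.get("driverClass") != SQLSERVER_DRIVER:
        findings.append("Driver Class is not %s" % SQLSERVER_DRIVER)
    # Older Microsoft driver versions default to encrypt=false, so require it explicitly.
    if props.get("encrypt", "").lower() != "true":
        findings.append("encrypt=true missing: connection to %s:%d is not forced over TLS" % (host, port))
    # trustServerCertificate=true skips certificate validation, which defeats the TLS check above.
    if props.get("trustservercertificate", "").lower() == "true":
        findings.append("trustServerCertificate=true disables server certificate validation")
    # The URL is not handled as a secret; credentials belong in the dedicated fields.
    for secret in ("user", "password"):
        if secret in props:
            findings.append("%s is embedded in the Database URL; use the UserName/Password fields" % secret)
    if not settings.get("user"):
        findings.append("UserName is empty")
    if not settings.get("password"):
        findings.append("Password is empty")
    return findings


# Constructed sample settings (host names, account names and values are placeholders).
WEAK_SETTINGS = {
    "url": "jdbc:sqlserver://fam-db.example.local;databaseName=FAM;user=sa;password=ExamplePass1",
    "driverClass": SQLSERVER_DRIVER,
    "user": "",
    "password": "",
}
HARDENED_SETTINGS = {
    "url": "jdbc:sqlserver://fam-db.example.local:1433;databaseName=FAM;encrypt=true;trustServerCertificate=false",
    "driverClass": SQLSERVER_DRIVER,
    "user": "iiq_fam_reader",
    "password": "<stored in the Password field>",
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(label, check_connection_settings(cfg) or ["ok"])
```

Running the block reports five findings for the weak settings (no `encrypt=true`, credentials in the URL, empty UserName and Password) and none for the hardened ones. A dedicated read-only database account, as in the hardened sample, keeps the connector's blast radius small if its credential is ever exposed.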
General Details
- Referenced Applications - the list of applications to which the aggregated permissions are correlated. Each target permission is correlated to either a Link or a ManagedAttribute belonging to one of the applications in the list.
- Aggregate Inherited - true to aggregate inherited permissions. If set to true, the dataset will be much larger. If false, only the top-level permissions are aggregated, and inheritance is assumed to apply as defined on the native source.
- Target Hosts - the File Access Manager Business Application Monitors (BAMs) from which to aggregate permissions.
- Target Host Paths - a CSV of root paths from which to aggregate. Aggregation starts at the given root paths and discovers all permissions under them. If not specified, all targets / target permissions for the specified BAMs are aggregated.
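As an added example (not the connector's own code), the model below shows how the three scoping settings above interact over a constructed set of target permissions: the Target Host filter selects one BAM, the Target Host Paths CSV restricts aggregation to paths at or below the listed roots, and Aggregate Inherited decides whether inherited entries appear in the dataset at all. The record fields, BAM names, UNC paths and trustees are assumptions constructed for the example. Two edge cases a practitioner should care about are handled: a sibling folder that merely shares a prefix with a root (`\\srv01\finance2` under root `\\srv01\finance`) is not aggregated, and with Aggregate Inherited off, an inherited grant on a subfolder is absent from the dataset, so any review of that subfolder has to reason from the parent's explicit grant.

```python
"""Model of how Target Hosts, Target Host Paths and Aggregate Inherited scope an
aggregation. Added example, not the connector's code; records, BAM names and
paths are constructed, and the field names are assumptions."""

import csv
import io
from dataclasses import dataclass


@dataclass(frozen=True)
class TargetPermission:
    bam: str         # Business Application Monitor that reported the entry
    path: str        # UNC path of the target (folder or file)
    trustee: str     # account or group holding the permission
    rights: str
    inherited: bool  # True when the entry is inherited from a parent folder


def normalize(path):
    """Canonical form for comparison: backslashes, no trailing separator, case-folded.

    Case folding assumes Windows shares; for a case-sensitive NFS export drop the .lower().
    """
    return path.replace("/", "\\").rstrip("\\").lower()


def parse_root_paths(csv_text):
    """Parse the Target Host Paths CSV; quoting lets a path contain a comma."""
    if not csv_text.strip():
        return []
    row = next(csv.reader(io.StringIO(csv_text), skipinitialspace=True))
    return [normalize(p) for p in row if p.strip()]


def under_root(path, root):
    """True when path is root or lies beneath it; a sibling sharing a prefix does not match."""
    p, r = normalize(path), normalize(root)
    return p == r or p.startswith(r + "\\")


def select_permissions(records, target_host, root_paths_csv, aggregate_inherited):
    """Return the permissions an aggregation with these settings would pick up."""
    roots = parse_root_paths(root_paths_csv)
    selected = []
    for rec in records:
        if rec.bam != target_host:
            continue
        if rec.inherited and not aggregate_inherited:
            continue  # inherited rights are left to be derived from the parent's grant
        if roots and not any(under_root(rec.path, root) for root in roots):
            continue
        selected.append(rec)
    return selected


# Constructed sample data: two BAMs, one inherited entry, and a sibling folder
# whose name shares a prefix with the finance root.
SAMPLE = [
    TargetPermission("FS-BAM-01", r"\\srv01\finance", r"CORP\finance-ro", "Read", False),
    TargetPermission("FS-BAM-01", r"\\srv01\finance\payroll", r"CORP\finance-ro", "Read", True),
    TargetPermission("FS-BAM-01", r"\\srv01\finance\payroll", r"CORP\payroll-admins", "FullControl", False),
    TargetPermission("FS-BAM-01", r"\\srv01\finance2", "Everyone", "Read", False),
    TargetPermission("FS-BAM-02", r"\\srv02\finance", r"CORP\finance-ro", "Read", False),
]

if __name__ == "__main__":
    for inherited in (False, True):
        rows = select_permissions(SAMPLE, "FS-BAM-01", r"\\srv01\finance", inherited)
        print("Aggregate Inherited =", inherited)
        for rec in rows:
            print("  ", rec.path, rec.trustee, rec.rights, "(inherited)" if rec.inherited else "")
```

With Aggregate Inherited off, the payroll folder shows only the explicit FullControl grant; the finance-ro Read that it inherits is visible only on the parent. That is the trade-off the setting describes: a smaller dataset at the cost of having to read inheritance from the native source's structure.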
Rules
The Rules tab within the Application Definition user interface enables rules to be defined for given object types. The application-level rules and the schema-level rules, for schemas that allow them, are shown with the ability to select or edit (subject to the user's capabilities) the given rules. The unstructured schema supports Correlation, Creation, Customization and Refresh rules at the schema level.
- Creation rules for the unstructured schema are of Rule Type TargetCreation.
- Refresh rules for the unstructured schema are of Rule Type TargetRefresh.
- Correlation rules for the unstructured schema are of Rule Type TargetCorrelation.
- Customization rules for the unstructured schema are of Rule Type ResourceObjectCustomization.
Note
Customization rules might run multiple times, updating the same ResourceObject. For example, once for the provisioning result, once for the result in the provisioning plan, and once for the result in the account request.
The unstructured / associations schema AttributeDefinitions are used to define the columns to include in the query.