6.6 Defining a File System Access Collector

A File System Access collector may be added to a new or existing Identity Governance Application.

To add the collector to a new Application:

  1. In Identity Governance, select Data Sources > Applications.

  2. Click + to add a new Application source.

  3. In the New Application Source form, complete the following fields:

    • Name: Provide a name for this Application. For example, File System Access Data.

    • Description: (Optional) Provide a description for this Application.

  4. Select New Application Source > New Collector.

  5. Complete the following fields:

    • Collector name: Provide a name for the collector. For example, File System Access Collector.

    • Collector template: Select File System Access from the drop-down list.

    • Collect this data: Select Yes.

  6. Click Service Parameters.

  7. Complete the following fields:

    • Database Type: Select the database type (SQL Server or PostgreSQL) used with your File Reporter installation.

    • Host Server: Enter the IP address or hostname for the File Reporter database.

    • Host Server Port: Enter the TCP port for the File Reporter database.

    • Database Instance Name: Enter the name of the File Reporter database instance.

      This will typically be srsdb.

    • User Name: Enter the name of a database user with read access to the File Reporter scan data.

      You can use the File Reporter Report user (typically srsreport_user) or any other database account in the File Reporter Database Report Role (typically srsreport_role).

    • Password: Enter the password for the database user.

    • Batch Collection Session Timeout: Enter the number of seconds before an idle batch collection session times out.

      The default setting is 60 seconds.

  8. Click Test connection to verify the database connection parameters.

  9. Click Collect Permission.

  10. Complete the following fields:

    • Permission Query: Use the provided SQL query for collecting File System Access Permissions from File Reporter.

    • Permission ID from Source: Use the provided value entitlement_id.

    • Permission Name: Use the provided value entitlement.

    • Permission Description: Use the provided value description.

    • File System Access: Use the provided value permission.

    • File System Category: Use the provided value category.

    • File System Path: Use the provided value target_path.

  11. Click Collect Permission to Holders Attribute.

  12. Complete the following fields:

    • Collect this data: Select Yes.

    • Permissions to Holders Query: Use the provided SQL query.

    • Permission ID(s) from Source: Use the provided value entitlement_id.

    • Permission Account or User Mapping: Use one of the following mappings:

      Use this value…    to map to this Permissions to Holders attribute

      trustee_guid       Object GUID

      trustee_fdn        User ID from Source or any Identity attribute mapped to the distinguishedName attribute in Active Directory.

      trustee_sid        Custom Identity attribute mapped to objectSid in Active Directory.
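
The User Name field in step 7 calls for an account with read access to the scan data. The following added example (not part of the product documentation) is one way to confirm, on a PostgreSQL installation, that the account holds nothing beyond read access before its password is stored in the collector. It assumes the typical names srsreport_user and srsreport_role mentioned above and uses only standard PostgreSQL catalog functions; SQL Server is not covered.

```sql
-- Added example. Run as a database administrator while connected to the
-- File Reporter database (typically srsdb). PostgreSQL only.
-- Assumption: the collector account is srsreport_user and the report role is
-- srsreport_role (the typical names); substitute your own if they differ.
-- The privilege functions raise an error if the named role does not exist.

-- 1. Role attributes. Any true value among the first five flags is more than
--    a collection account needs; in_report_role shows the role membership.
SELECT rolname,
       rolsuper,
       rolcreaterole,
       rolcreatedb,
       rolreplication,
       rolbypassrls,
       pg_has_role('srsreport_user', 'srsreport_role', 'member') AS in_report_role
FROM pg_roles
WHERE rolname = 'srsreport_user';

-- 2. Tables and views the account can modify, whether granted directly,
--    through a role it belongs to, or through PUBLIC. Each row returned is a
--    write privilege to review and revoke.
SELECT n.nspname AS schema_name,
       c.relname AS relation_name,
       has_table_privilege('srsreport_user', c.oid, 'INSERT')   AS can_insert,
       has_table_privilege('srsreport_user', c.oid, 'UPDATE')   AS can_update,
       has_table_privilege('srsreport_user', c.oid, 'DELETE')   AS can_delete,
       has_table_privilege('srsreport_user', c.oid, 'TRUNCATE') AS can_truncate
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p', 'v', 'm')          -- tables, partitioned tables, views, materialized views
  AND n.nspname <> 'information_schema'
  AND n.nspname !~ '^pg_'                        -- skip system schemas
  AND has_table_privilege('srsreport_user', c.oid,
                          'INSERT, UPDATE, DELETE, TRUNCATE')
ORDER BY schema_name, relation_name;

-- 3. Schemas in which the account can create new objects.
SELECT n.nspname AS schema_name
FROM pg_namespace AS n
WHERE n.nspname <> 'information_schema'
  AND n.nspname !~ '^pg_'
  AND has_schema_privilege('srsreport_user', n.oid, 'CREATE')
ORDER BY schema_name;
```

On PostgreSQL releases earlier than 15, the public schema grants CREATE to every role by default, so it can appear in the third result even when no explicit grant was made.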