How to use ACL data in policies

This topic describes how to use ACL data in your policies.

The user must specify the following query to view all ACL data as shown in the following screenshot:
Note: ACL grouping is not supported. To perform such groupings, use an external DB client, such as the DB2 warehouse client, against the Spectrum Discover database.
Important: When you use acog or aces data to make tagging policies, understand that a single selection of acog or aces data can produce tags that are not meaningful.
For example, the following tag is defined to show that a row has a permission type of either read-write, read-execute, or read only:
The following policies are intended to set the permission tag based on the permissions flag:
After running the Read Only policy, the Permission tag is populated, but as seen from the following row for the same file, the tag does not match the real permissions (only the permissions with rt should be "read only"):
After running the Read Execute policy, the Permission tag is populated, but its value changes from Read-Only to Read-Execute, which makes the tag meaningless and effectively useless:
To solve this problem, you can create tags and set the value as "True" if the condition exists.
Note: You cannot add a "false" value, because running a policy that found a condition that doesn't exist would give the same meaningless results.
With tags that take a "True" value, you can set each policy to assign the value "True". By doing this, you can determine what permissions are allowed for each file.
Note: You can customize your own tags and use aces/acog information that is meaningful to you.
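
The overwrite problem and the "True" tag approach described above can be reproduced with a small model. This is an added example, not Spectrum Discover code or its API: the record layout, file paths, principals and function names are all assumptions, and the sample data is constructed.

```python
# Simplified model of tag policies; NOT Spectrum Discover's API or schema.
# Assumption: a file record carries several ACL entries but one value per tag,
# and a policy tags every file where at least one entry matches its filter.

# Constructed sample records (principals and paths are made up).
FILES = {
    "/data/report.doc": [("alice", "read-write"), ("bob", "read-only"),
                         ("svc_scan", "read-execute")],
    "/data/readme.txt": [("bob", "read-only")],
}

# Each policy: (permission type its filter selects, value it writes).
POLICIES = [
    ("read-only", "Read-Only"),
    ("read-execute", "Read-Execute"),
    ("read-write", "Read-Write"),
]


def matches(entries, perm):
    """Policy filter: true if any ACL entry on the file has this permission."""
    return any(p == perm for _, p in entries)


def run_single_tag(files, policies):
    """One multi-valued 'Permission' tag: each matching policy overwrites it."""
    tags = {}
    for perm, value in policies:
        for path, entries in files.items():
            if matches(entries, perm):
                tags[path] = {"Permission": value}  # last policy run wins
    return tags


def run_boolean_tags(files, policies):
    """One tag per permission type, only ever set to 'True' when it applies."""
    tags = {path: {} for path in files}
    for perm, value in policies:
        for path, entries in files.items():
            if matches(entries, perm):
                tags[path][value] = "True"  # never written as 'False'
    return tags


if __name__ == "__main__":
    for path, t in run_single_tag(FILES, POLICIES).items():
        print("single tag  ", path, t)
    for path, t in run_boolean_tags(FILES, POLICIES).items():
        print("boolean tags", path, t)
```

In the single-tag run the value on a file with several ACL entries depends only on which policy ran last, while the per-permission "True" tags give the same result in any policy order.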