Skip to main content
Skip table of contents

Caching, setting, and restoring file system permissions

In some environments, you may only need to use the identities (user,group) without the domain.

Example:

Before: ACME\Admins

After: Admins

CacheFileSystemPermissions

CODE 
CognitiveToolkit.exe CacheFileSystemPermissions --index-server-url http://INDEXSERVER:9200 --index-name INDEX_NAME  --field FIELD_TO_CREATE --query "..\query.json"

Purpose

Cache effective Windows permissions of index items (based on query) into a field in the index. These cached permissions can be used by the "RestoreCachedFileSystemPermissions" tool in the Shinydocs Cognitive Toolkit

Do not delete this field unless instructed to by Shinydocs. The query you supply should match the items you want to use the SetFileSystemPermissions tool with.

--help

CODE 
Tool: CacheFileSystemPermissions
Usage: CognitiveToolkit CacheFileSystemPermissions [options]

Options:
  -f|--field <FIELD>                          The name of the index field (Required)
  -q|--query <QUERY>                          The search query (File or Json Input) (Required)
  -s|--silent                                 Turn off the progress bar (Default: false)
  -n|--nodes-per-request <NODES_PER_REQUEST>  The number of nodes per request (Default: 100)
  --skip-errors                               Skip re-processing errors (Default: false)
  -u|--index-server-url <INDEX_SERVER_URL>    URL of the index server (Required)
  -i|--index-name <INDEX_NAME>                Name of the index (Required)
  --index-type <INDEX_TYPE>                   Type name for index objects (Default: shinydocs)
  -?|-h|--help                                Show help information

Example command

CODE 
CognitiveToolkit.exe CacheFileSystemPermissions --index-server-url http://localhost:9200 --index-name shiny  --field cached_permissions --query "Resources\QueryFiles\cachePerms.json"

Creates a field on matched index items called "cached_permissions" with the value being the cached permissions. These values are stored for later use of the "RestoreCachedFileSystemPermissions" tool.

Example query

This query would match any item in the index that has a "rot_trivial" field with a value of "tmp_file". It will not match any item (regardless if tagged as "rot_trivial: tmp_file") that contains the field "record" with a value of "true"

cachePerms.json

CODE 
 {
        "bool": {
            "must": [
              {"match_phrase": {"rot_trivial": "temp_file"}}
             ],
			 "must_not": [
			 {"match_phrase": {"record": "true"}}
			 ]
          }
        }

SetFileSystemPermissions

CODE 
CognitiveToolkit.exe SetFileSystemPermissions --index-server-url http://INDEXSERVER:9200 --index-name INDEX_NAME --identity DOMAIN\USER --access-control-reason REASON --query "...\queryfile.json"

Purpose

Overwrite effective Windows permissions with the values supplied in the command on items in the index that match the given query. Identity is the group\account to remain on the file and will be given the permission "full control" so the item can still be accessed and/or deleted (or to restore cached permissions at a later time). By default, it will replace effective permissions with only the "read" permission (meaning users/groups that could write or delete can now only read it (legal hold).

This is done at the file level, folders are not affected

In general, use the same query used for the "CacheFileSystemPermissions" tool, but with modification (see query example for this tool)

--help

CODE 

Tool: SetFileSystemPermissions
Usage: CognitiveToolkit SetFileSystemPermissions [options]

Options:
  --exclusions <EXCLUSIONS>                        A comma-separated list of users/groups you wish to exclude (Optional)
  --identity <IDENTITY>                            Identity to add file access control (Required)
  --identity-perms <IDENTITY_PERMS>                Access control level to give identity as bitmask (Default: full)
  --access-control-reason <ACCESS_CONTROL_REASON>  File access control change identifier. Ie. legal-hold, destruction, public-record (Required)
  --rights <RIGHTS>                                The level of permissions that will remain on the object (none,read,write) (Default: read)
  -q|--query <QUERY>                               The search query (File or Json Input) (Required)
  -s|--silent                                      Turn off the progress bar (Default: false)
  -n|--nodes-per-request <NODES_PER_REQUEST>       The number of nodes per request (Default: 100)
  --skip-errors                                    Skip re-processing errors (Default: false)
  -u|--index-server-url <INDEX_SERVER_URL>         URL of the index server (Required)
  -i|--index-name <INDEX_NAME>                     Name of the index (Required)
  --index-type <INDEX_TYPE>                        Type name for index objects (Default: shinydocs)
  -?|-h|--help                                     Show help information

Example commands

Effectively legal-hold

CODE 
CognitiveToolkit.exe SetFileSystemPermissions --index-server-url http://localhost:9200 --index-name shiny --identity acme\legal --access-control-reason legal_hold --query "setFilePermissions-legal_hold.json"

Example query:

This query is the same as cachePerms.json, with the added check for items that also must have the cached_permissions field. This is to ensure it will only apply to files whose permissions have been cached.

CODE 
{
        "bool": {
            "must": [
              {"match_phrase": {"legal_hold": "true"}},
			  {"exists": {"field": "cached_permissions"}}
             ]
          }
        }

RestoreCachedFileSystemPermissions

CognitiveToolkit.exe RestoreCachedFileSystemPermissions --index-server-url --index-name --field --query

CODE 
CognitiveToolkit.exe RestoreCachedFileSystemPermissions --index-server-url http://INDEXSERVER:9200 --index-name INDEX_NAME  --field FIELD_FROM_CacheFileSystemPermissions --query "..\query.json"

Purpose

To restore the Windows permissions back to the state when they were cached in the index. You must have cached the permissions for this to work and it will overwrite permissions on the item currently.

This will not remove the fields made from the "SetFileSystemPermissions" tool.

--help

CODE 
Tool: RestoreCachedFileSystemPermissions
Usage: CognitiveToolkit RestoreCachedFileSystemPermissions [options]

Options:
  -f|--field <FIELD>                          The name of the index field (Required)
  -q|--query <QUERY>                          The search query (File or Json Input) (Required)
  -s|--silent                                 Turn off the progress bar (Default: false)
  -n|--nodes-per-request <NODES_PER_REQUEST>  The number of nodes per request (Default: 100)
  --skip-errors                               Skip re-processing errors (Default: false)
  -u|--index-server-url <INDEX_SERVER_URL>    URL of the index server (Required)
  -i|--index-name <INDEX_NAME>                Name of the index (Required)
  --index-type <INDEX_TYPE>                   Type name for index objects (Default: shinydocs)
  -?|-h|--help                                Show help information

Example command

CODE 
CognitiveToolkit.exe RestoreCachedFileSystemPermissions --index-server-url http://localhost:9200 --index-name shiny  --field cached_permissions --query "restorePermissions.json"

Example Query


This query matches any item in the index that has the cached permissions field and matches a specific path. This is useful for restoring permissions to files in a particular directory

CODE 
  {
        "bool": {
            "must": [
              {"match_phrase": {"path": "\\\\ACMECORP\\share1\\directory\\sales\\prospects"}},
			  {"exists": {"field": "cached_permissions"}}
             ]
          }
        }
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close