Caching, setting, and restoring file system permissions
In some environments, you may only need to use the identities (user, group) without the domain.
Example:
Before: ACME\Admins
After: Admins
CacheFileSystemPermissions
CognitiveToolkit.exe CacheFileSystemPermissions --index-server-url http://INDEXSERVER:9200 --index-name INDEX_NAME --field FIELD_TO_CREATE --query "..\query.json"
Purpose
Cache the effective Windows permissions of index items (based on the query) into a field in the index. These cached permissions can be used by the "RestoreCachedFileSystemPermissions" tool in the Shinydocs Cognitive Toolkit.
Do not delete this field unless instructed to by Shinydocs. The query you supply should match the items you want to use the SetFileSystemPermissions tool with.
--help
Tool: CacheFileSystemPermissions
Usage: CognitiveToolkit CacheFileSystemPermissions [options]
Options:
-f|--field <FIELD> The name of the index field (Required)
-q|--query <QUERY> The search query (File or Json Input) (Required)
-s|--silent Turn off the progress bar (Default: false)
-n|--nodes-per-request <NODES_PER_REQUEST> The number of nodes per request (Default: 100)
--skip-errors Skip re-processing errors (Default: false)
-u|--index-server-url <INDEX_SERVER_URL> URL of the index server (Required)
-i|--index-name <INDEX_NAME> Name of the index (Required)
--index-type <INDEX_TYPE> Type name for index objects (Default: shinydocs)
-?|-h|--help Show help information
Example command
CognitiveToolkit.exe CacheFileSystemPermissions --index-server-url http://localhost:9200 --index-name shiny --field cached_permissions --query "Resources\QueryFiles\cachePerms.json"
Creates a field called "cached_permissions" on matched index items, with the cached permissions as its value. These values are stored for later use by the "RestoreCachedFileSystemPermissions" tool.
Example query
This query would match any item in the index that has a "rot_trivial" field with a value of "temp_file". It will not match any item (regardless of whether it is tagged as "rot_trivial: temp_file") that contains the field "record" with a value of "true".
cachePerms.json
{
  "bool": {
    "must": [
      {"match_phrase": {"rot_trivial": "temp_file"}}
    ],
    "must_not": [
      {"match_phrase": {"record": "true"}}
    ]
  }
}
SetFileSystemPermissions
CognitiveToolkit.exe SetFileSystemPermissions --index-server-url http://INDEXSERVER:9200 --index-name INDEX_NAME --identity DOMAIN\USER --access-control-reason REASON --query "...\queryfile.json"
Purpose
Overwrite effective Windows permissions with the values supplied in the command on items in the index that match the given query. Identity is the group\account to remain on the file and will be given the permission "full control" so the item can still be accessed and/or deleted (or to restore cached permissions at a later time). By default, it will replace effective permissions with only the "read" permission, meaning users/groups that could write or delete can now only read the item (legal hold).
This is done at the file level; folders are not affected.
In general, use the same query used for the "CacheFileSystemPermissions" tool, but with a modification (see the query example for this tool).
--help
Tool: SetFileSystemPermissions
Usage: CognitiveToolkit SetFileSystemPermissions [options]
Options:
--exclusions <EXCLUSIONS> A comma-separated list of users/groups you wish to exclude (Optional)
--identity <IDENTITY> Identity to add file access control (Required)
--identity-perms <IDENTITY_PERMS> Access control level to give identity as bitmask (Default: full)
--access-control-reason <ACCESS_CONTROL_REASON> File access control change identifier. Ie. legal-hold, destruction, public-record (Required)
--rights <RIGHTS> The level of permissions that will remain on the object (none,read,write) (Default: read)
-q|--query <QUERY> The search query (File or Json Input) (Required)
-s|--silent Turn off the progress bar (Default: false)
-n|--nodes-per-request <NODES_PER_REQUEST> The number of nodes per request (Default: 100)
--skip-errors Skip re-processing errors (Default: false)
-u|--index-server-url <INDEX_SERVER_URL> URL of the index server (Required)
-i|--index-name <INDEX_NAME> Name of the index (Required)
--index-type <INDEX_TYPE> Type name for index objects (Default: shinydocs)
-?|-h|--help Show help information
Example commands
Effectively legal-hold
CognitiveToolkit.exe SetFileSystemPermissions --index-server-url http://localhost:9200 --index-name shiny --identity acme\legal --access-control-reason legal_hold --query "setFilePermissions-legal_hold.json"
Example query
This query is the same as cachePerms.json, with an added check that items must also have the cached_permissions field. This ensures it will only apply to files whose permissions have been cached.
setFilePermissions-legal_hold.json
{
  "bool": {
    "must": [
      {"match_phrase": {"legal_hold": "true"}},
      {"exists": {"field": "cached_permissions"}}
    ]
  }
}
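One way to enforce that check before any permissions are overwritten, as an added example (not part of the Shinydocs documentation or toolkit): a PowerShell pre-flight that refuses to run unless the query's bool.must contains an exists clause for the cached field, then reports how many items the query selects using the index server's _count endpoint. The function name, the variables, and the toolkit path are assumptions; the flags and values are those from the example command above.

```powershell
# Added example (not Shinydocs code): pre-flight guard for SetFileSystemPermissions.
# Assumed names: Test-QueryRequiresField, $toolkit, $server, $index.
function Test-QueryRequiresField {
    param(
        [Parameter(Mandatory)] [string] $QueryJson,
        [Parameter(Mandatory)] [string] $Field
    )
    $query = $QueryJson | ConvertFrom-Json
    # @() keeps a single "must" clause from being treated as a scalar.
    foreach ($clause in @($query.bool.must)) {
        # -ceq: index field names are case-sensitive.
        if ($clause.exists.field -ceq $Field) { return $true }
    }
    return $false
}

$toolkit     = '.\CognitiveToolkit.exe'
$server      = 'http://localhost:9200'
$index       = 'shiny'
$cachedField = 'cached_permissions'
$queryFile   = 'setFilePermissions-legal_hold.json'
$queryJson   = Get-Content -Raw -LiteralPath $queryFile

# 1. Refuse to touch ACLs unless the query only selects items with a cached copy.
if (-not (Test-QueryRequiresField -QueryJson $queryJson -Field $cachedField)) {
    throw "Query '$queryFile' has no exists clause for '$cachedField' in bool.must."
}

# 2. Show how many items the query selects before anything is overwritten.
$body  = '{"query":' + $queryJson + '}'
$count = (Invoke-RestMethod -Method Post -Uri "$server/$index/_count" `
            -ContentType 'application/json' -Body $body).count
Write-Host "$count item(s) match the query and will have their permissions replaced."

# 3. Apply the hold with the flags shown in the example command above.
& $toolkit SetFileSystemPermissions `
    --index-server-url $server `
    --index-name $index `
    --identity 'acme\legal' `
    --access-control-reason legal_hold `
    --query $queryFile
```

The guard only inspects the top-level bool.must, which is where the example query places the exists clause; a query that nests the clause elsewhere is rejected rather than guessed at.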
RestoreCachedFileSystemPermissions
CognitiveToolkit.exe RestoreCachedFileSystemPermissions --index-server-url http://INDEXSERVER:9200 --index-name INDEX_NAME --field FIELD_FROM_CacheFileSystemPermissions --query "..\query.json"
Purpose
Restore the Windows permissions to the state they were in when they were cached in the index. You must have cached the permissions for this to work, and it will overwrite the item's current permissions.
This will not remove the fields made from the "SetFileSystemPermissions" tool.
--help
Tool: RestoreCachedFileSystemPermissions
Usage: CognitiveToolkit RestoreCachedFileSystemPermissions [options]
Options:
-f|--field <FIELD> The name of the index field (Required)
-q|--query <QUERY> The search query (File or Json Input) (Required)
-s|--silent Turn off the progress bar (Default: false)
-n|--nodes-per-request <NODES_PER_REQUEST> The number of nodes per request (Default: 100)
--skip-errors Skip re-processing errors (Default: false)
-u|--index-server-url <INDEX_SERVER_URL> URL of the index server (Required)
-i|--index-name <INDEX_NAME> Name of the index (Required)
--index-type <INDEX_TYPE> Type name for index objects (Default: shinydocs)
-?|-h|--help Show help information
Example command
CognitiveToolkit.exe RestoreCachedFileSystemPermissions --index-server-url http://localhost:9200 --index-name shiny --field cached_permissions --query "restorePermissions.json"
Example query
This query matches any item in the index that has the cached permissions field and matches a specific path. This is useful for restoring permissions to files in a particular directory.
{
  "bool": {
    "must": [
      {"match_phrase": {"path": "\\\\ACMECORP\\share1\\directory\\sales\\prospects"}},
      {"exists": {"field": "cached_permissions"}}
    ]
  }
}