Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

311

312

313

314

315

316

317

318

319

320

Manage Policies

296

If you have Data Guardian installed, develop a plan for implementing access groups and creating a

smooth transition for users who have shared files.

Determine a transitional time range for deployment

Initially, enable Access Groups and Auto access for swept files for a transitional period. This should be a

brief time but owners of a protected, shared file should plan for any impact to that file.

Instruct users to process shared files

Inform internal users who will be in their access group and allow them to process shared files to ensure

a smooth transition.

• During the Auto-access transitional period, all internal users within the same access group have

access to the shared, protected files.

• If Auto access will be temporarily enabled, instruct users that any internal user outside their

access group who has a copy of the file and opens it has permanent access to the key. In some

cases, the key cannot be revoked later. See Disable_Auto_access_for_swept_files

• If a user does not open a file and auto access is disabled, they lose access.

• If an internal user already granted access to an external user, the external user will not lose

access.

• When a file is created after Access Groups is enabled, all users within that access group have

access to the file.

• If a user is removed from the access group, the user no longer has access to the files.

• If the owner of the file is removed from the access group, others who shared access

still have access.

For detailed information on the impact, see Disable_Auto_access_for_swept_files

Return to top

Configure Access Groups

IT best practices should be followed during deployment. This includes, but is not limited to, controlled

test environments for initial tests, and staggered deployments to users.

1. Enable Data Guardian Access Groups

and, optionally, Auto access for swept files.

Important: Currently, if you enable Access Groups, you cannot disable it.

2. If you have not yet created user groups for this feature, see Add a User Group

3. In User Groups, select a group.

4. On User Group Detail, select the Details and Action tab.

5. Click the check box for Access Group Enabled.

Note: You can also modify the group members, remove the group, or clear the Access Group

check box.

With Access Groups enabled, the Protected File Access screen allows internal users to select one or

more access groups or add an individual when sharing a protected file. External users who own a

document can share it with individual users but not access groups. This is available on Windows, Mac,

mobile, and web portal. For more information, see the Data Guardian User Guide.

Return to top

Disable Auto access for swept files (Windows and Mac)