Configuring Actions

Learn how to configure location-specific actions for a content scan.

On This Page

Overview Configuring Actions Action-Specific Configurations Apply Metadata Archive Assign Migration Modify Permissions Redaction Remove Permissions

Overview

Specific actions require you to complete additional configuration for the content scan. If you apply an action set that includes actions requiring configuration to a scan, save the scan and configure the actions before attempting to run it. Running a scan before configuring the actions will cause the actions to fail.

DryvIQ will highlight scans that require configuration in red on the Content Scans page. Additionally, files that cannot have actions applied due to missing configuration will also be highlighted in red, and the File info tab in the file toolbox will display a message indicating that configuration is missing for the scan. The information required for configuration varies depending on the action(s) you selected. Refer to the information below about configuring scans for various actions.

Red Higlight Indicating Missing Scan Configuration

 

Configuration Message in the File Toolbox

Configuring Actions

  1. Click the ellipses (…) for the scan that needs to be configured and select Configure Actions from the menu.

  2. The Configure Location-Specific Actions modal appears, displaying all actions that require configuration for the scan. Each action includes the name of the action set to which it belongs, helping you understand where it is being used.  

  3. Click Edit next to the action you want to configure.
  4. Enter the configuration required for the action. (See the corresponding section below for instructions on configuring specific actions.)
  5. Click Confirm to save the action configuration.
  6. Edit additional actions, if applicable.
  7. Click Done on the Configure Location-Specific Actions modal to close it.

Action-Specific Configurations

Instructions for configuring individual actions are below. Expand an action to learn how to configure it. 

Apply Metadata

If a scan includes the Apply Metadata action, you must complete additional configuration to specify the metadata that DryvIQ needs to apply. If you don’t complete the configuration, the scan will fail to run, and the failure will be logged as an error in the Activity log. The log will indicate that a missing configuration for the action was the cause of the failure. You have the option to select the metadata fields or manually enter the configuration. 

Choosing Metadata Fields

You can only use this option if DryvIQ has access to the metadata fields on the platform. If it cannot access the metadata, it will switch to the manual entry fields. 

  1. Verify that Choose metadata fields is selected.
  2. The Schema field displays the schemas available on the platform. Select the one you want to use.
  3. The Property field lists all the metadata fields available on the platform. Select the metadata field you want to set.

  4. Use the Value field to enter the metadata value you want to set.
  5. Click Confirm to save the action configuration.

Manually Entering Metadata Configuration

  1. Verify that Manually enter configuration is selected.
  2. In Schema, enter the ID assigned to the schema you want to use. This field is optional when manually applying the configuration.  
  3. Use the Property field to specify the metadata field. It needs to match the property field on the platform exactly.
  4. Use the Value field to enter the metadata value you want to set.
  5. Click Confirm to save the action configuration.

 

Box Shield Labels

  1. Box Shield labels can be applied using the Apply Metadata action. You can configure them as follows.
  2. Verify that Choose metadata fields is selected.
  3. Select Box Shield as the Schema. (This option only displays for scans that use Box as a data source.)  
  4. Select Classification as the Property.
  5. The Value field displays the available values for the selected property. These are the classification label names on Box. Select the value you want to set.
  6. Click Confirm to save the action configuration.

 
 

Archive

If a scan includes the Archive action, you must complete additional configuration to specify the archive location and choose whether to add a placeholder file as a substitute for the archived file. You can customize the placeholder file text to provide the relevant information to anyone attempting to access the archived file, and you can also select which rehydration options are available to users for restoring archived files.

When you first begin using the archive action, you must create a new archive plan, as no archive plans will exist at this time. Once created, you can use this archive plan for other content scans. However, if you need to store archived content in different locations (some content will be archived in location A, some content will be archived in location B, etc.), you may need to create new archive plans accordingly for each scan. 

Creating a New Archive Plan

  1. Select Create new archive plan.

  2. Enter a name for the archive plan.
  3. Select the connection you want to use as the destination for the archived content. The list displays the current connections. If the connection you need doesn’t exist, click Add connection to create a new one.
  4. The Run as user option allows DryvIQ to use impersonation for the connection, allowing it to impersonate the selected user to move the content. This option displays only for connections that support impersonation. They include Box, Dropbox for Business, Google Workspace, Google Team Drives, Microsoft OneDrive for Business, and Microsoft SharePoint.
  5. The Path window displays the directory structure for the selected connection, along with the user's information (if applicable). Use it to choose the path where you want to archive the content. You can also manually specify the path to use. If the path you select doesn't exist, DryvIQ will create it.

     
  6. Enable Create placeholder file if you want to use a substitute file for the archived file. Leave the toggle disabled if you don’t want to use a placeholder file.

  7. If you selected to use a placeholder file, select the file type you want to use:
    1. Text: DryvIQ will create a text file containing the file template contents. (See step 8.)
    2. HTML: DryvIQ will create an HTML file containing the file template contents. (See step 8.)
    3. URL: DryvIQ will create a URL or shortcut that links to the rehydration page for the archived item. This option is platform-dependent and will not display for platforms that don’t support URL/link types.
  8. For text and HTML placeholder files, a File content template window will display. This is the text included in the placeholder file to inform users that the file has been archived. The default text contains placeholders for the original file name, archive location, timestamp of the archive, and URL to the rehydration page for the file. Edit this text if you want a different message included in the archive placeholder file. A preview of the text displays under the field for reference. You can use the Restore default option to reset the template text to the default text.

  9. Select the Lock file option if you want to prevent users from deleting the placeholder file. If left cleared, users who have access to delete content in the specified location can delete the archive placeholder file.
  10. The Allow restore setting determines if the users can restore the original file. When selected, a user can restore the archived file to its original location on the Rehydration page. If left cleared, no restore option will be available.If you do not allow file rehydration through the placeholder file, the only way you can restore a file is in the DryvIQ Platform. 
  11. Click Confirm to save the archive plan.

Selecting an Existing Archive Plan

Once an archive plan is created, you can resuse it for other scans.

  1. Verify that the Select existing archive plan option is selected.

  2. The list displays the existing archive plans (archive plans created for other scans that can be reused). Select the archive plan you want to use.
  3. The archive location for the selected archive plan is displayed for your reference.
  4. The placeholder settings for the archive plan also display for your reference, but you cannot edit them. (If you require different placeholder settings, you must create a new archive plan and select the preferred placeholder options.)

  5. Click Confirm.

 

 
 

Assign Migration

Scans that use the Assign Migration action must be configured to specify the migration plan that should migrate the content. 

Selecting an Existing Migration Plan

  1. Verify that the Select existing migration option is selected.

     
  2. The list displays the existing migration plans (jobs created as Intelligent Migration job types). Select the migration plan you want to use for the scan.
  3. Click Confirm.

Creating a New Basic Migration Plan

  1. Select Create new migration plan. 

  2. Enter a name for the migration plan.
  3. The Migration type determines how content on the source is handled after migration. Copy migrates a copy of the content to the destination set for the migration plan. Migrate copies the content to the destination and then deletes the content from the source once the migration is successful.

  4. Select the connection you want to use as the destination for the migrated content. The list displays the current connections. If the connection you need doesn’t exist, click Add connection to create a new one.
  5. The Run as user option allows DryvIQ to use impersonation for the connection, allowing it to impersonate the selected user to move the content. This option displays only for connections that support impersonation. They include Box, Dropbox for Business, Google Workspace, Google Team Drives, Microsoft OneDrive for Business, and Microsoft SharePoint. 
  6. The Path window displays the directory structure for the selected connection, along with the user's information (if applicable). Use it to choose the path where you want to move the content. You can also manually specify the path to use. If the path you select doesn't exist, DryvIQ will create it.

     
  7. Click Confirm to save the migration plan.

Creating an Advanced Migration Plan

Creating a migration plan through the configuration modal creates a basic intelligent migration job. To make an intelligent migration that utilizes the advanced options available for migration jobs, click the “click here” link on the modal. This takes you to the migration job creation wizard. Use the steps to create a create a new intelligent migration job.

 
 

Modify Permissions

If a scan includes the Modify Permissions action, you must complete additional configuration to specify to whom you want to grant permission and the permission level that should be assigned (Read, Read and Write, or Full Control).

  1. Select if you want to modify group or user permissions.
  2. Based on your selection, the window below will display all the groups or users on the data source assigned to the content scan. Select the group or user. (Use the Search option to search for a specific group or user.)
    1. For external users, type an email address in the field. You can also use an “allusers@domain” wildcard to find all users with an email address with the specified domain.
    2. For Network File System (NFS) data sources, a text box will display where you must enter the name of the group or account. The format will generally be similar to DOMAIN\USER or DOMAIN\GROUP. The permissions action will fail during the scan if you enter an invalid user or group.
  3. Click Add Identity to complete the selection of the group or user.

  4. Repeat steps 1-3 for every group and/or user you want to select.
  5. Select the permission level you want to assign from the Set permission level list. There are three options: Read, Read and Write, or Full Control.

  6. If you want DryvIQ to remove all existing permissions from all users and groups before applying the selected permission level to the specified group(s) and/or user(s), select the Remove all existing user or group permissions before setting permission level box. If this box is left blank, DryvIQ will add the selected permissions to the specified group(s) and/or user(s) but will not modify any existing permissions for other groups or users. 

  7. Click Confirm to save the configuration.

Permission Inheritance

Not all platforms support breaking permission inheritance. DryvIQ will break permission inheritance supported by the platform. If a platform does not support breaking inheritance, DryvIQ will skip the action and note the platform restriction.

 

 

 
 

Redaction

If a scan includes the Redaction action, you must complete additional configuration to specify the entity type(s) you want to redact, the threshold value, and the replacement text.

  1. Select an entity type from the Entity Type ID list. You need to add one entity type at a time, but you can add as many entity types as you want based on the information you want to redact. For example, you can add an entity type to redact ABA Routing Numbers, another to redact US Bank Account Numbers, and a third to redact US Social Security Numbers.

  2. The threshold is the confidence percentage that DryvIQ should use to determine if the entity type is a match for redaction. Lower numbers indicate a lower confidence level, resulting in more content being matched and redacted. Higher numbers indicate a higher confidence level. Therefore, less content may be redacted, but the results may be more accurate.

  3. The Replacement Text enables you to customize the content that replaces the redacted text. If you leave this field blank, DryvIQ will use asterisks (***) to replace the redacted content.

  4. Click Add Entity Type to add the entity type to the configuration.

  5. Repeat steps 1-4 for each entity type you want to use to define the content that requires redaction.
  6. When you are done adding entity types, click Confirm
 
 

Remove Permissions

If a scan includes the Remove Permissions action, you must complete additional configuration to specify from whom and which permissions should be removed.

  1. Select if you want to remove group or user permissions.
  2. Based on your selection, the window below will display all the groups or users on the data source assigned to the content scan. Select the group or user. (Use the Search option to search for a specific group or user.)
    1. For external users, type an email address in the field. You can also use an “allusers@domain” wildcard to find all users with an email address with the specified domain.
    2. For Network File System (NFS) data sources, a text box will display where you must enter the name of the group or account. The format will generally be similar to DOMAIN\USER or DOMAIN\GROUP. The permissions action will fail during the scan if you enter an invalid user or group.
  3. Click Add Identity to complete the selection of the group or user.

  4. Repeat steps 1-3 for every group and/or user you want to select.
  5. Use the Permissions to remove list to select if you want to remove All Permissions or All Write permissions

  6. Click Confirm to save the configuration. 

Permission Inheritance

Not all platforms support breaking permission inheritance. DryvIQ will break permission inheritance supported by the platform. If a platform does not support breaking inheritance, DryvIQ will skip the action and note the platform restriction.

 
 
 

 

 

Related Articles

Performing Actions on Content Manually
Creating an Action Set
Adding a Content Scan
Archive and Rehydrate