GDPR requires to detect any data leakage and as soon as possible. Thanks to this feature the user won’t have to manually search if someone worked with sensitive data, but can instead create and configure a periodical search, which will perform all the necessary actions.
Periodical search is a search performed automatically by the Task runner with the recurrence and other parameters configured by the user. The search is performed only on the entities allowed by the user’s roles and permissions.
There are 2 periodical search related permissions that can be assigned from Central Administration:
1) Create periodical search – allows to define a periodical search and manage (view, delete) own periodical searches
2) Manage other’s periodical searches
The Manage other’s periodical searches permission allows to see other user’s periodical searches – on tenant or system level – based on role assignment. With this permission, the user cannot create a periodical search. He can only see, enable/disable and delete the periodical searches on the tenant(s) where he has permissions. If the user had the Create periodical search permission before, but the permission was removed, he will be still able to see his own periodical searches.
Using periodical search
Click on the periodical search button. A pop-up window will open. Here you can set the following:
- Search name – name of the periodical search
- Notification recipients (split by “;”) – email addresses of users that will receive the notification email (this email will be sent by the notification job)
- Tenant – Tenant that the search will be performed on (only tenants available for the user are listed in the dropdown list)
- Keep results – number of search results that will be stored in the database (explained below)
- Recurrence (weekly on selected day(s) at selected time or monthly on selected day(s) at selected time)
- Description – description of the periodical search
The list of all available periodical searches can be viewed by clicking on the Periodical search button in the upper right corner.
1) Refresh – refreshes the list of periodical searches
2) View details – explained below
3) Edit – explained below
4) Enable/disable – with this button it is possible to enable or disable the selected periodical search (when disabled, it
won’t perform any actions; disabled searches have grey background)
5) Delete – deletes the periodical search
On this page it is possible to see the details about the selected periodical search. The Query displays all searching parameters of the periodical search (the search this periodical search was created from). By clicking on the link, the defined search will be performed again in a moment.
The previous search result summary is displayed in the grid below. We can see the start date, end date, duration and total hit count. It is also possible to download the report file from here by clicking on the button in the Actions column. The report file contains a detailed summary with the list of emails, files and database records, where the results are coming from.
Here it is possible to set/change the same parameters as after clicking on the Periodical search button after performing a search.
Every periodical search has a defined “Keep in history” property (same value as Keep records when creating the periodical search) – this means that we store X previous search results in the database and also in the corresponding report file on the resource storage.
Task runner processing
When a periodical search is found
- We check the IsActive status – if the search is not active, it means that it was marked as deleted.
- If the search is marked as deleted, we will remove the corresponding history items, report files and also the definition/configuration of the periodical search.
- If a periodical search is disabled, it will be skipped by the Task runner.
- If the search is active, its scheduled time is recalculated based on recurrence – the next job will not process it. (It means that if it is scheduled to run at 10:00 on every Wednesday, it will be processed at that time and set to run on the next Wednesday at 10:00, on the other days and times the search can’t be found).
- Task runner job will create a report in the resource storage, a new record in the history table and will add a reporting email into the notification job’s queue – history management is performed during this processing.
- The report file is available only from contentWEB. The notification email contains a link to the periodical search detail page, which contains the stored history results – therefore it is easy to compare the results from there, and this way we can easily ensure that the report is not available for a user without permissions.
- If the user would like to share the report with another user, he needs to save the report file and send it to the user. He can use our sharing app for this.