1. Support
  2. Knowledge base
  3. 100050021

Understanding Shadow Users in Veritas Alta SaaS Protection

Article: 100050021
Last Published: 2023-11-03
Ratings: 0 0
Product(s): Veritas Alta SaaS Protection

Description

Veritas Alta SaaS Protection has the concept of ' Shadow Users'. When the security identifiers that are present in the data that do not resolve to any user or group found in the directory provider, Veritas Alta SaaS Protection creates a shadow user profile automatically. A shadow user is a placeholder account that illuminates an identity present in the data but not in the directory. Shadow users will display in Veritas Alta SaaS Protection as an external user that is not enabled in the directory provider. However, using any of the custodian-based policies or search capabilities in Veritas Alta SaaS Protection will allow you to specify shadow users. If a shadow user is later discovered in the directory provider, Veritas Alta SaaS Protection automatically resolves its preexisting access rights mapping for the identity.
 
This is done for two reasons:
  1. It allows Veritas Alta SaaS Protection to archive content from your organization prior to your first directory synchronization completing.
  2. It enables data governance in orphaned data scenarios. Often times, what's in the scope of archiving is data that's orphan (that's content where all users with access rights are no longer at the organization). In Veritas Alta SaaS Protection, automatic shadow user profiles provide an efficient way of identifying orphan content in your archive. Veritas Alta SaaS Protection's ability to leverage custodians in searches and policies means that you can specifically target orphan user's data. For instance, perhaps you wish to run a retention policy specifically for orphan data, or perhaps exclude it from a Discovery search.

Shadow Users may appear in the ASP Portal as seen below:

Was this content helpful?

Article Languages