Skip to main content
BlueXP classification

Metadata collected from data sources

Contributors netapp-tonacki amgrissino netapp-bcammett

BlueXP classification collects certain metadata when performing classification scans on the data from your data sources and working environments. BlueXP classification can access most of the metadata we need to classify your data, but there are some sources where we are unable to access the data we need.

Metadata CIFS NFS

Time stamps

Creation time

Available

Not available (Unsupported in Linux)

Last access time

Available

Available

Last modify time

Available

Available

Permissions

Open permissions

If "EVERYONE" group has access to the file, it is considered "Open to organization"

If "Others" has access to the file, it is considered "Open to organization"

Users/group access

Users and group information is taken from LDAP

Not available (NFS users are usually managed locally on the server, therefore, the same individual can have a different UID in each server)

Note
  • BlueXP classification does not extract the "last accessed time" from the database data sources.

  • Older versions of the Windows OS (for example, Windows 7 and Windows 8) disable the collection of the "last accessed time" attribute by default because it can impact system performance. When this attribute is not collected, BlueXP classification analytics that are based on "last accessed time" will be impacted. You can enable the collection of the last access time on these older Windows systems if needed.

Last access time timestamp

When BlueXP classification extracts data from file shares, the operating system considers it as accessing the data and it changes the "last access time" accordingly. After scanning, BlueXP classification attempts to revert the last access time to the original timestamp. If BlueXP classification doesn't have write attributes permissions in CIFS, or write permissions in NFS, the system can't revert the last access time to the original timestamp. ONTAP volumes configured with SnapLock have read-only permissions and also can't revert the last access time to the original timestamp.

By default, if BlueXP classification doesn't have these permissions, the system won't scan those files in your volumes because BlueXP classification can't revert the "last access time" to the original timestamp. However, if you don't care if the last access time is reset to the original time in your files, you can click the Scan when missing "write attributes" permissions switch at the bottom of the Configuration page so that BlueXP classification will scan the volumes regardless of permissions.

A screenshot showing the switch you can use to have BlueXP classification scan your files even if it does not have the correct permissions to revert the last access time to the original timestamp.

This functionality is applicable to On-premises ONTAP systems, Cloud Volumes ONTAP, Azure NetApp Files, FSx for ONTAP, and third-party file shares.

Note that there is a filter in the Investigation page called Scan Analysis Event that enables you to display either the files that were not classified because BlueXP classification couldn't revert the last accessed time, or the files that were classified even though BlueXP classification couldn't revert the last access time.

A screenshot of the filter to see which files were scanned

The filter selections are:

  • "Not classified — Cannot revert last access time" - This shows the files that were not classified due to missing write permissions.

  • "Classified and updated last access time" - This shows the files that were classified and BlueXP classification was unable to reset the last access time back to the original date. This filter is relevant only for environments where you turned Scan when missing "write attributes" permissions ON.

If needed, you can export these results to a report so you can see which files are, or aren't, being scanned because of permissions. Learn more about the Data Investigation Report.