File System Access Analyzer Data Collector Schema

The File System Access Analyzer (FSAA) data collector audits Windows, NFS, and Azure Files file systems for permissions, ownership, content, activity, and sensitive-data classification. FSAA scans Windows servers, NetApp/EMC/Dell filers, Linux/Unix hosts, and Azure Files shares; normalizes the security model into a unified per-host identity space; and writes the results to the central Access Analyzer database. Every core data table is partitioned by host, so removing a host atomically purges its entire collected data set across all four collector modules.

Table Relationship Diagrams (ERD)

• Top-level partitioning — every table references SA_FSAA_Hosts
• Trustees — security-principal identity model
• Resources & content aggregations
• Gates and permissions
• Tags
• Exceptions
• Azure Files
• Activity collection (SA_FSAC_*)
• Sensitive data — DLP (SA_FSDLP_*)
• DFS namespaces (SA_FSDFS_*)

Core Data Collection Tables

• SA_FSAA_SchemaVer
• SA_FSAA_Hosts
• SA_FSAA_ImportHistory
• SA_FSAA_Trustees
• SA_FSAA_LocalTrustees
• SA_FSAA_TrusteeEquivalence
• SA_FSAA_Rights
• SA_FSAA_Tags
• SA_FSAA_TagKeys
• SA_FSAA_TagProxies
• SA_FSAA_Resources
• SA_FSAA_UnixRights
• SA_FSAA_Gates
• SA_FSAA_GatesProxy
• SA_FSAA_Policies
• SA_FSAA_Exceptions
• SA_FSAA_ExceptionTypes
• SA_FSAA_ProbableOwners
• SA_FSAA_FileSizes
• SA_FSAA_FileTypes
• SA_FSAA_FileAges
• SA_FSAA_FileTags
• SA_FSAA_ScanHistory
• SA_FSAA_AzureFilesShares
• SA_FSAA_AzureFilesShareProperties
• SA_FSAA_AzureStorageAccounts
• SA_FSAA_TrusteeMap
• SA_FSAA_ResourceMap
• SA_FSAA_GateMap
• SA_FSAA_ResourcesScanTypeDetails
• SA_FSAC_ProcessNames
• SA_FSAC_ActivityEvents
• SA_FSAC_PermissionChanges
• SA_FSAC_OwnerChanges
• SA_FSAC_DailyActivity
• SA_FSAC_RenameTargets
• SA_FSAC_ExceptionTypes
• SA_FSAC_Exceptions
• SA_FSAC_UserExceptionTypes
• SA_FSAC_UserExceptions
• SA_FSDLP_ImportHistory
• SA_FSDLP_Criteria
• SA_FSDLP_Matches
• SA_FSDLP_MatchHits
• SA_FSDLP_MatchHits_SubjectProfile
• SA_FSDFS_Namespaces
• SA_FSDFS_Links

Views

• SA_FSAA_Paths
• SA_FSAA_ResourcesView
• SA_FSAA_PermissionsView
• SA_FSAA_ExpandedPermissionsView
• SA_FSAA_DirectPermissionsView
• SA_FSAA_InheritedPermissionsView
• SA_FSAA_SharesTraversalView
• SA_FSAA_EffectiveAccessView
• SA_FSAA_LocalGroupMembersView
• SA_FSAA_ExceptionsView
• SA_FSAA_AzureFilesPermissionsView
• SA_FSAC_DailyActivityView
• SA_FSAC_DailyUserActivityView
• SA_FSAC_DailyResourceActivityView
• SA_FSAC_ActivityEventsView
• SA_FSAC_ExceptionsView
• SA_FSAC_UserExceptionsView
• SA_FSAC_PermissionChangesView
• SA_FSDLP_MatchesView
• SA_FSDLP_MatchHitsView

Enumeration & Lookup Values

• TrusteeType
• ResourceType
• GateType
• Rights Bitmask — AllowRights / DenyRights

Functions & Stored Procedures

• FSAA Functions (SA_FSAA_*)
• Activity Collector Functions (SA_FSAC_*)
• DFS Functions (SA_FSDFS_*)
• Shared Core Functions (SA_CORE_*)

Index Reference

• Complete Index Listing

Foreign Key Reference

• Complete Foreign Key Listing