Add FSAA DC schema documentation for Access Analyzer 12.0

[tay-caliguiri]

Adds full schema documentation set for the File System Access Analyzer Data Collector under admin/schema/fsaadc/: ERD, core tables, views, enumeration, functions, index reference, and foreign key reference pages, plus category.json sidebar files. Updates schema overview page to include the FSAA DC section below SQL DC.

[github-actions]

Auto-Fix Summary

17 issues fixed, 5 skipped across 9 files

Category	Fixes
Contractions	6
Plurals	1
FirstPersonPlural (rewrite)	1
OxfordComma (rewrite)	1
WeakLinkText (rewrite)	1
Dale: idioms	2
Dale: positional-references	5

Skipped (needs manual review)	Reason

| docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/overview.md:122 — Dale: idioms | 'firehose' is a widely understood technical metaphor; rewording would risk losing the high-volume-stream connotation |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md:188 — Dale: idioms | 'structural backbone' is a common technical metaphor; rewording risks changing emphasis |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md:611 — Dale: idioms | 'firehose' is a widely understood technical metaphor for high-volume event streams |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md:0 — Dale: passive-voice | Many passive-voice constructions in schema reference content (e.g. 'is populated by', 'are stored', 'is partitioned by') are the natural register for describing what tables contain; flipping them broadly could distort meaning or feel forced. Skipped to avoid changing author intent. |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/overview.md:3 — Dale: undefined-acronyms | FSAA is used in body prose but the page is a deep-reference sub-page reached from a parent overview that defines it; adding a parenthetical definition on every sub-page would be redundant given the strong subject context |

Ask @claude on this PR if you'd like an explanation of any fix.

[tay-caliguiri]

@claude fix all issues

[github-actions]

Fix complete:

The doc-pr editorial review hadn't run yet, so I interpreted "fix all issues" as addressing the 5 items the auto-fix workflow skipped for manual review.

• Fix structural backbone metaphor in coretables/overview.md
• Fix firehose metaphors in erd/overview.md and coretables/overview.md
• Define FSAA on first use in enumeration/overview.md
• Commit and push

Summary:

• coretables/overview.md:188 — "structural backbone" → "central resource inventory"
• coretables/overview.md:611 — "activity-event firehose" → "high-volume activity-event stream"
• erd/overview.md:122 — "audit-event firehose" → "high-volume audit-event stream"
• enumeration/overview.md:3 — "FSAA DC schema" → "File System Access Analyzer (FSAA) DC schema"

Skipped intentionally:

• Passive voice in schema reference content (coretables/overview.md:0). Constructions like "is populated by", "is partitioned by", and "are stored" are the natural register for describing what tables contain; rewriting them broadly would distort meaning or feel forced. If you'd like specific passages flipped to active voice, point me at them and I'll rewrite.

If the doc-pr editorial review surfaces additional issues once it completes, tag @claude again with what you'd like fixed.

[github-actions]

Documentation PR Review

Editorial Review

docs/accessanalyzer/12.0/admin/schema/overview.md

• Clarity — Line 16: The added paragraph introduces "four sub-modules (SA_FSAA_, SA_FSAC_, SA_FSDLP_, SA_FSDFS_)" with bare prefixes but no full names. Readers hitting this index page have no anchor for what each prefix means until they click through. Suggested fix: spell out each prefix on first mention, e.g., "four collector modules: File System Access Analyzer (SA_FSAA_), File System Activity Collector (SA_FSAC_), Sensitive Data/DLP (SA_FSDLP_), and DFS Namespace (SA_FSDFS_)."
• Consistency — Lines 16 and 18: The paragraph uses "sub-modules" but the next bullet says "collector modules." Pick one term. Suggested fix: use "collector modules" in both places.
• Clarity — Line 22: "29 UDFs and stored procedures" uses "UDFs" without expansion. Suggested fix: "29 user-defined functions (UDFs) and stored procedures."

docs/accessanalyzer/12.0/admin/schema/fsaadc/overview.md

• Structure — Lines 5, 18, 68, 91, 98, 105, 109: The page jumps from # (H1 title) directly to ### (H3 section headings), skipping H2. The Netwrix style rule is "Never skip heading levels." Suggested fix: change every ### [Section](...) on this page to ## [Section](...).
• Completeness — Lines 5, 18, 68, 91, 98, 105, 109: Each section heading is followed immediately by a bulleted anchor list with no prose explaining what the reader will find at the destination. The reader has to click through to discover whether the section answers their question. Suggested fix: add a one-sentence introduction under each heading describing the section's scope (e.g., under "Core Data Collection Tables": "Lists every base table populated by the four collector modules, with columns, keys, and indexes for each.").
• Clarity — Line 3: The intro paragraph refers to "all four collector modules" without naming them. Since this is the entry point for the FSAA DC schema docs, a brief enumeration would orient readers before they meet the prefixes in the anchor lists below. Suggested fix: append a sentence naming the four collector module prefixes and their full names.

docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md

• Clarity — Line 9: "The CREATE-Schema job clears and re-inserts the version on every run" introduces "CREATE-Schema job" as a known concept, but the term isn't defined anywhere in the FSAA DC schema docs. Readers landing on the first table description have no context for what this job is. Suggested fix: briefly identify it on first use (e.g., "the FSAA Create-Schema deployment job") or link to where it's documented.
• Clarity — Line 425: "AIP or sensitive-data tags" uses "AIP" without expansion. Suggested fix: "Azure Information Protection (AIP) or sensitive-data tags."
• Clarity — Lines 448–449: "NAA console that initiated the scan" uses "NAA" before the acronym is introduced anywhere in the file. Suggested fix: spell out "Netwrix Access Analyzer (NAA)" on first use.
• Clarity — Line 509: The :::note admonition references "NAA's dynamic host-list generation" — same NAA expansion issue. If fixed at line 449, this becomes consistent.
• Completeness — Line 614: The :::note for SA_FSAC_ActivityEvents states that AccessTime differs by environment (datetime2 for fresh installs, datetime post-Task-15 migration). Readers writing direct queries need to know which they have. Suggested fix: add a one-line pointer on how to detect which version is in use (e.g., "Query sys.columns for SA_FSAC_ActivityEvents.AccessTime to confirm the runtime type.").
• Completeness — Line 691: The :::note for SA_FSAC_DailyActivity says "fresh CREATE TABLE has no PK — the migration adds it if absent." This is ambiguous about whether fresh installs end up with the PK after migration runs or stay without one. Suggested fix: state explicitly which install paths end with the PK present.

docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/overview.md

• Completeness — Lines 56–62: The GateType table lists only values 0, 1, 2 (SMB, Windows Security Policy, NFS v3). But SA_FSAA_AzureFilesShares (in coretables) references a GateID from SA_FSAA_Gates, raising the question of which GateType value Azure Files shares use. Suggested fix: add a sentence stating which existing GateType is used for Azure Files (or add the row to the table if a distinct value exists).
• Clarity — Line 26: "Values 6, 7, 11, 20, and 21 don't have a dedicated description string in the current view CASE expressions" tells the reader what's missing but not what they should expect to see instead (NULL? the raw integer? blank?). Suggested fix: state the actual behavior, e.g., "queries against TrusteeTypeDescription for these values return NULL."

docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/overview.md

• Clarity — Line 3: The opening sentence describes "standard crow's foot notation" but doesn't map the Mermaid syntax (||--o{, ||--o|) that actually appears in every diagram on the page. A reader unfamiliar with Mermaid sees the symbols before they understand them. Suggested fix: add a short legend right after line 3, e.g., "Mermaid renders this as ||--o{ (one-to-many) and ||--o| (one-to-zero-or-one)."
• Clarity — Line 6: The note says three tables "aren't shown in any diagram because they carry no foreign keys." SA_FSAA_ScanHistory is described as an audit log but SA_FSAA_SchemaVer and SA_FSAA_AzureStorageAccounts get only parenthetical hints. Readers may briefly worry these tables are missing from the docs. Suggested fix: link each to its description in coretables/overview.md.

docs/accessanalyzer/12.0/admin/schema/fsaadc/fkreference/overview.md

• No issues found.

docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/overview.md

• Clarity — Line 3: "iTVF" is introduced inline as "inline (iTVF)" but the page later uses both "Inline table-valued function" and "Multi-statement table-valued function" as full Type labels without ever using the iTVF abbreviation again. The shorthand isn't load-bearing. Suggested fix: drop the parenthetical "(iTVF)" from line 3 since it adds noise without payoff.
• Clarity — Line 110: "The heaviest UDF in the schema" uses "heaviest" figuratively. Suggested fix: "The most computationally expensive UDF in the schema" or "The slowest UDF in the schema under realistic workloads."
• Clarity — Line 47: "Two definitions exist in the script; the current version is chosen at runtime by the #SA_ImportObject helper." The #SA_ImportObject helper isn't documented on this page or in the FSAA DC schema docs and the leading # (a SQL temp object) is potentially confusing without context. Suggested fix: briefly say what #SA_ImportObject is, or link to where it's described.
• Completeness — Line 174: "Task 26" is referenced as the job that creates these shared core functions, but no other page in this PR defines what Task 26 (or the numbered Task system) is. Suggested fix: either drop the task number or link to a page that explains the Create-Schema task numbering.

docs/accessanalyzer/12.0/admin/schema/fsaadc/indexreference/overview.md

• No issues found.

docs/accessanalyzer/12.0/admin/schema/fsaadc/views/overview.md

• Clarity — Line 6: The :::note says column sizes "are derived from underlying source columns and SQL CASE expressions… on a populated database the actual sys.columns.max_length may differ slightly." The phrasing leaves the reader unsure whether the page's column sizes can be trusted. Suggested fix: state the trust boundary plainly, e.g., "Use this page for the logical shape of each view; query sys.columns for the exact storage sizes on your database."
• Clarity — Line 511: "the SDD exclusion-filter table" introduces "SDD" without expansion. Suggested fix: spell out the acronym on first use (e.g., "Sensitive Data Discovery (SDD) exclusion-filter table").
• Completeness — Line 467: The SA_FSAC_UserExceptionsView description tells the reader the column shape mirrors SA_FSAC_ExceptionsView minus per-host columns and lists what's present, but doesn't show the full column table the way every other view does. This breaks the section's pattern and forces the reader to cross-reference. Suggested fix: either include the full column table for consistency, or explicitly note "see SA_FSAC_ExceptionsView above for column descriptions" with a working anchor link.

Summary

20 editorial suggestions across 7 files (2 files clean). The most common issues are unexpanded acronyms (NAA, AIP, UDF, SDD) and an H2-skip in the FSAA schema overview page. Vale and Dale issues are auto-fixed separately.

---

What to do next:

Comment @claude on this PR followed by your instructions to get help:

• @claude fix all issues — fix all editorial issues
• @claude help improve the flow of this document — get writing assistance
• @claude explain the voice issues — understand why something was flagged

You can ask Claude anything about the review or about Netwrix writing standards.

Automated fixes are only available for branches in this repository, not forks.

[github-actions]

Auto-Fix Summary

14 issues fixed, 12 skipped across 9 files

Category	Fixes
Dale: passive-voice	13
Dale: undefined-acronyms	1

Skipped (needs manual review)	Reason

| docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md:449 — Dale: undefined-acronyms | 'NAA' appears only in a table cell column description (not body prose); per rule, define-on-first-use applies to body prose only |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md:509 — Dale: undefined-acronyms | Uncertain expansion of 'NAA' acronym (likely Netwrix Access Analyzer but not confirmed in surrounding context); would risk introducing an incorrect definition |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/views/overview.md:511 — Dale: undefined-acronyms | Uncertain expansion of 'SDD' acronym (possibly Sensitive Data Discovery but not confirmed); skipping to avoid introducing an incorrect definition |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md:187 — Dale: passive-voice | 'is created WITH (DATA_COMPRESSION = ROW)' is SQL DDL terminology — rewriting as active would distort the DDL meaning |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md:21 — Dale: passive-voice | 'used by the C# importer to detect deltas' is a participial adjective modifying 'Update Sequence Numbers' — appropriate in reference-style table description |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md:9 — Dale: passive-voice | 'Used by upgrades to decide whether to apply migrations' is a concise sentence fragment in reference-style description; rewriting would change the descriptive tone |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/overview.md:62 — Dale: passive-voice | 'are stored under GateType = 1' is precise schema description (location of data); rewriting as active would lose technical precision |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/overview.md:77 — Dale: passive-voice | 'is built by appending each letter' describes algorithm/computation result; the subject of action (the database engine or view) is contextual |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/overview.md:33 — Dale: passive-voice | 'Used for subtree aggregation queries' is a short concise reference fragment describing function purpose; common reference-doc idiom |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/overview.md:75 — Dale: passive-voice | 'Used by SA_FSAA_ExpandedPermissionsView' — common reference idiom describing which view consumes this function; rewriting changes emphasis |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/overview.md:110 — Dale: passive-voice | 'Used by SA_FSAA_EffectiveAccessView' — common reference idiom; same as line 75 |
| docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/overview.md:11 — Dale: passive-voice | 'it is split into the following two diagrams' — rewriting as active would require introducing an artificial subject and degrade flow |

Ask @claude on this PR if you'd like an explanation of any fix.