Following the network scan, the database may be used to carry out search queries. Permission Analyzer offers an extensive set of filters for you to obtain specific information. The search results are represented in the tree structure or table of directories and files. An aggregated list of privileges is shown for each of the directories or files, as the search result(s) may contain privileges of multiple users or groups. You will be able to zoom in on the aggregated privileges using the Trace options at the bottom of the result window.
Filter for users and groups
The simplest filter displays the permission privileges for a specific group or user (hereafter to be referred to as member). The filter takes into account the nested group membership of the selected member. Permission Analyzer also allows for multiple members to be included in a single overview. Simply select all members of a specific group or LDAP OU or search using a wildcard key word for the account name and display name. This will allow you to monitor whether someone from a specific group has too many permission privileges in certain folders.
In addition to including members in searches, you are also able to exclude one or more members from searches, e.g. by excluding everyone from the Domain Admins group.
Filter for permission privileges
When filtering permission privileges you can indicate whether a member should have all privileges or at least one of those you have selected. The former can be used to filter for members with specific permissions (such as FULL), while the latter can be used to display a series of permissions.
If necessary, configure the filter to only display explicit permissions.
Filter for directories and files
A set of filters can be saved as a Selection, making a large number of frequently used filters easily retrievable and usable. A selection will bundle filters of the same type (members, permissions or folders). The total number of filters for an overview can be saved as a Report. Filters can be modified by clicking Run and can be reset by clicking Reset in the toolbar.
Overview of permissions
After applying the filters, all retrieved permissions will be shown in a tree structure, grouped in directories and files. The toolbar also contains an option to have results displayed in a table rather than a tree structure. Each item will contain a label with the relevant permission and a number of columns showing which special permissions apply e.g. permissions of various members, as each row is a sum of all retrieved permissions. The background color of the permissions indicates whether a permission was granted directly or if it was inherited from a folder above: white for implicit ‘allow’ permissions, green for explicit ‘allow’ permissions, light red for implicit ‘deny’ permissions and dark red for explicit ‘deny’ permissions.
There are four tabs at the bottom of the search result screen: one which allows you to zoom in on a directory to review which permissions and members have been found including their effective and inherited permissions, one that provides details on the Access Control List of the directory selected, one that shows the provenance of permissions for a particular member and another tab which allows you to retrieve all users and groups from the overview including all their explicit permissions. For more details see the Modify permissions and Trace permissions features.
Tip: drag tabs to a second screen or to another location within the application to view both tabs simultaneously.