Reports and export

Current sets of filters can be saved as a new report using the menu [Report] > [Create new report]. Reports can be exported to HTML or CSV files or can be reloaded within the program to change the filters or review results. There are two options for HTML: a simple HTML table and an option which includes search, paging and sorting options.

Report types

Permission Analyzer supports nine report types, each of which displays search results differently:

Folders/files and the sum of their permissions
Folders/files and their Access Control List, as they appear on the file system
Folders/files and the ACL with expanded groups showing direct members and their effective permissions
Folders/files and the ACL with expanded groups showing nested members and their effective permissions
Users and groups and all their explicit permissions. This report is laid down per user/group instead of directory/file. For each user or group the directories and explicit rights are displayed, including permissions from nested group memberships.
Groups that match the filter criteria and their direct members
Groups that match the filter criteria and their nested members
Groups that have permissions in the folder tree and their direct members
Groups that have permissions in the folder tree and their nested members

Some report types show a relatively extensive amount of information per user and group. That’s why we recommend making your filters as specific and targeted as possible, to exclude any unnecessary information. This prevents reports from being crowded with irrelevant information.

Tip: put a placeholder in the Target file path to include the current date in the path:
c:\permission reports\[date:yyy-MM-dd]_report.html. This will preserve old report files. See Java date formats.

E-mail

A report can be configured with an e-mail address, allowing it to be sent to that address at every export opportunity. An SMTP server, however, must be configured to accommodate the address and can be set up in the application settings. The option will also allow you to indicate whether you want the report to be included as an attachment and to include a message in the e-mail. The e-mail template may contain the following fields: [report_name], [report_path], [report_description] en [report_threshold].

Report templates

You will also be able to use modified templates to generate the report. Permission Analyzer comes with a number of default templates for HTML and CSV, which can be modified according to your specifications. The templates are located in <application dir>\plugins\Permission_Analyzer_2.xxxx.jar – the file can be opened with any ZIP application. Here are examples of the default HTML template for files and the sum of permissions or the CSV template for files and their ACL’s.

Filter selections

If you have selected a filter selection as a filter, then that selection will show up as an option when generating the report. Using the selection will create a reference to the filter selection within the report and any modifications to the filter selection will result in all reports automatically applying the modified selection. Unchecking the option in the report will result in the report saving a copy of the filters and not change according to the filter selection.

Running reports automatically

Use Permission Analyzer to run reports automatically using the following parameters:

-report “myReport” “myReport2”: run one or more reports by name.
-allReports: run all reports.

Permission Analyzer will close automatically after all reports have been exported. See Scheduling jobs feature for more command-line options.

Folders/files and the sum of their permissions

This report provides a list of directories and files that meet the filter criteria. Per directory, only the effective rights of all Access Control Entries that are found on the basis of the filters. The report takes into account the priorities used by Windows (privileges that deny something will, for example, have a higher priority than privileges that grant access).

Folders/files and their Access Control List

Instead of adding up all the rights, Access Control Entries are displayed separately per directory or file in this report. It provides an overview of the Access Control List (ACL) per directory or file and contains all Access Control Entries (ACE) that match the search criteria. Each ACE has a set of permissions and a member and match the data in the Windows Security tab on the file properties. Only the directories and files that match the search criteria will be included in the report.

Folders/files and the ACL with expanded groups showing direct members and their effective permissions

Same as previous report type, but the report groups in the report popped up so that the direct group members are visible. A similar report type is available to display the nested group members.

Users and groups and all their explicit permissions

This report is laid down per user/group instead of directory/file. For each user or group the directories and explicit rights are displayed. It displays all explicit permissions, including permissions from nested group memberships. The column Via ACL member shows the origin of permissions per group or user, indicating through which (nested) group a user or group has inherited those permissions. Only users and groups that appear in the search results will be included in the report. This report shows a relatively extensive amount of information per user and group. That’s why we recommend making your filters as specific and targeted as possible, to exclude any unnecessary information. This prevents reports from being crowded with irrelevant information.

Groups and members

This report is separate from the rights and shows exclusively the groups found as well as their group members. A similar report type is available to display the nested group members. A separate report type will only display the groups that actually have permissions in the (filtered) folder tree.

Manage reports

A list of all reports can be requesting via the menu: [Report] > [Manage Report]. You will subsequently be able to review and modify all reports, run them manually or input them into the application.

Quick export

Specific folders can be easily exported using the filters selected and will not require generation of a report. Simply open the context menu of a folder using the right mouse button and select Export. This option will also allow you to select the report type, file type and whether you wish to send an e-mail.

Happy customers:

We needed an overview of all the access rights in our network. I am now able to run reports to give to the department director so that they can see who has what permissions and to either add or remove users. You can periodically scan the directories and have the results compare to the old reports to see if anything has changed. This is what I am truly after. Permission Analyzer helps me by doing the initial scan and letting me know what is out there now.
E. Martin, an ECR International spokesperson
We are currently trying to analyze our user rights on the network, but have not found a tool that displays easy-to-read report data. I have downloaded your demo and have found it much easier to use, and seems much faster than Hyena when it comes to collecting data from our servers.
C. North, Park Community
I have been looking for just this type of tool to use in the many conversions and acquisitions that we are involved with. Some small and some very large.
K. Hoggatt, HP Enterprise Services
Thank you it is looking correct now. I would like to say the support from you has been fantastic!! Thank you very much. I will be strongly recommending this software to any organisation requiring high security around folders permissions.
S. Martin, Timberlands Limited