Identify the permissions of a user

<< Inhaltsverzeichnis anzeigen >>

Navigation:  Start > Using 8MAN - The Services > Permission Analysis  > Fileserver > Services für Administratoren und Data Owners >

Identify the permissions of a user

Background / Value

8MAN can also show you the user perspective, and which directories individual users have access to. This is important as it allows you to compare the rights of a given employee to the role that they fill in your organization. Here the "least privilege principle" applies. Employees who have changed departments several times often still have access rights from previous roles that could have been removed after taking on new roles.

 

Additional Services

Alternatively, you can capture the same information in a report: Which resources does a user have access to?

In contrast to the dynamic view in the UI, the report does not show any information related to Active Directory, Exchange und Purpose Groups.

 

A015-001 EN Einen Benutzer und seine Berechtigungen identifizieren

 

1.Select "Resources".

2.Enter the name of the person whose access rights you want to analyze.

3.Select the desired result in the "User" area.




A015-002 EN Einen Benutzer und seine Berechtigungen identifizieren

 

1.8MAN activates the scenario "Where does a user/group have access"

2.8MAN shows all resources that "Chris Cook" can access. In the basic version you can view results for Active Directory and file servers. Depending on which AddOns have been chosen, you can also review access to other resources.




A015-003 EN Einen Benutzer und seine Berechtigungen identifizieren

 

1.8MAN shows all directories that "Chris Cook" can access on the file server. In this example we have focused on the "Finance" directory.

2.8MAN shows the access rights for the "Finance" directory.

3.The green arrow indicates the user "Chris Cook". This helps you identify which resources "Chris Cook" can access, based upon the individual permission paths.

4.The green circle with the exclamation mark shows that the access rights on this directory differ from the "parent" directory.