Ensuring that permissions are assigned correctly in a network is an absolutely crucial IT administration goal and at the same time one of the most complex tasks to be faced. This is due to the fact that, particularly in Microsoft Windows environments, the most diverse types of permissions can be configured and some systems, such as Microsoft SharePoint Server make use of specific technologies.
The Docusnap Permission Analysis feature builds on the Windows, ADS, and SharePoint features and provides extensive analysis options on the basis of the inventoried data.
Permission analyses can be performed for Windows-compatible file systems as well as for Microsoft SharePoint environments. This module further inventories the permissions for Microsoft Exchange Server, Microsoft SQL Server, and the Microsoft Active Directory Services. The latter do not require the additional Permission Analysis feature.
Before you start an analysis, it is necessary to additionally retrieve the NTFS directory structures using a wizard or a scheduled task via the Docusnap Server. The Permission Analysis feature extends Docusnap by adding the inventory feature for NTFS directories and the possibility to also scan CIFS / SMB-compatible systems. This option allows you to inventory filer systems, such as NetApp Filer or Samba Server. The necessary shares including their permissions are already determined during the Windows inventory process.
If requested, the SharePoint feature scans the permissions within the SharePoint structures. By combining this information with the data retrieved by the ADS feature (users and groups), the Permission Analysis feature performs its analyses.
Docusnap is able to display the effective permissions for a user or a group, taking all factors, such as indirect assignment by groups, inheritances, blocked inheritances, the type of permission (Allow, Deny), as well as the combination of these factors into account. File system rights can be shown in detail (NTFS permissions) or in a simplified way. They are represented by a permission matrix which uses color coding to identify the various configurations. Multiple users or groups can be analyzed simultaneously in a single step. Filtering allows you to mimic the permission situations from each user’s perspective. For optimum clarity, peculiarities (inheritance or inheritance blocking) are identified graphically in the directory hierarchy.
Docusnap is able to display effective permissions graphically and, consequently, easily highlight the origin of individual permissions. Filter options in the user interface make it easy, for instance, to track the origin of a write permission. In addition, the memberships of users or groups in other groups can be represented graphically.
The Permission Analysis feature comes with meaningful reports that display the effective permissions in a directory hierarchy for a particular group of users. Another report is available which lists – from the perspective(s) of one or more resources (e.g. HR directory) – all users which have any permission on the respective resource or directory.
It goes without saying that all reports and inventory scans can be scheduled for later execution. Thus, every department head or account manager may automatically receive monthly overviews per e-mail listing the permissions existing in his / her area.