Identify multiple access paths
Background / Value
Multiple access paths are often a consequence of confusing group structures and direct access rights. Access to resources should only be granted using group memberships.
In practice, it often happens that you remove only one access path and then wonder why the user still has access. With ARM you can see all existing access paths with just a few clicks. This is the basis for completely removing all access paths.
- Select Resources.
- Select a directory.
- ARM shows you in the column How often granted warnings for multiple access paths.
- Select an entry.
- ARM shows you all existing access paths. In this example Emily Employee is granted the modify permission in two ways:
- inherited via the group membership of the permission group
- via a direct entry in the ACL
In the resource view you will find many icons and symbols. Hover your mouse over them to get more information and meaning, e.g. inheritance, propagation, group types and so on.
If you find complicated group structures, we recommend the analysis in the account view.
Right-click on the user to open the context menu. Select Show in accounts view....