Documentation forAccess Rights Manager

Identify multiple access paths

Multiple access paths are often a consequence of confusing group structures and direct access rights. Access to resources should only be granted using group memberships.

In practice, it often happens that you remove only one access path and then wonder why the user still has access. With Access Rights Manager you can see all existing access paths with just a few clicks. This is the basis for completely removing all access paths.

Step-by-step process

  1. Select Resources.
  2. Select a directory.
  3. Access Rights Manager shows you in the column How often granted warnings for multiple access paths.
  4. Select an entry.
  5. Access Rights Manager shows you all existing access paths. In this example Emily Employee is granted the modify permission in two ways:
    - inherited via the group membership of the permission group
    - via a direct entry in the ACL

In the resource view you will find many icons and symbols. Hover your mouse over them to get more information and meaning, e.g. inheritance, propagation, group types and so on.

If you find complicated group structures, we recommend the analysis in the account view.

Right-click on the user to open the context menu. Select Show in accounts view....