Identify multiple access paths
Multiple access paths are often a consequence of problematic group structures and direct access rights. When you remove an access path, a user may still have access to the targeted resource.
Resources should only be granted using group memberships. Using the Access Rights Manager application, you can view all existing access paths.
-
In the toolbar, click Resources.
The Resources view includes several icons and symbols. Hover your mouse over each icon and symbol for more information, including inheritance, propagation, and group types.
-
In the Resources column, select a directory.
For example, Flyer.
-
In the bottom right corner under Accounts with permissions, select an entry.
In the how often granted column, ARM displays warnings for multiple paths.
ARM also displays all existing paths.
In this example, Emily Employee is granted the Modify permission using two methods:
-
Inherited through the group membership of the permission group
-
Through a direct entry in the ACL
-
If you experience complicated group structures, select Analysis in the Accounts view. Right-click the user and select Show in accounts view in the drop-down menu.