Documentation forAccess Rights Manager

Identify recursive groups (web client)

Groups can be members of other groups. Active Directory allows children to become parents within their own family tree. If the nested group structure loops in a circular way, group membership assignments become ineffective and nonsensical.

Through these recursions or circular nested groups, every user who is a member of any recursive group is granted all access rights of all groups. The consequence is a confusing mess of excessive access rights.

ARM automatically identifies all recursions in your system. SolarWinds highly recommends removing the recursion by breaking the chain of circular group memberships.

Administer only with ARM and recursions can no longer occur because ARM does not allow recursions to be created.

The deeper your group structure the more likely you are to have circular nested group structures. Therefore, keep an eye on the nesting depth of your groups.Break the circle by managing group memberships (rich client) or removing group memberships (web client). See Identify recursive groups (rich client) for additional information.
  1. Log in to the web client.

  2. In the toolbar, click Analyze > Risk assessment dashboard.

  3. In the Risk Assessment dashboard, ARM are several tiles. The Groups in recursion tile displays a rating for the risk factor Groups in recursion.

  4. Click Minimize Risks.

    The Groups in Recursion screen lists all groups in recursion.

    The screen title is listed at the top of the screen (1).

    Use sorting, filtering and grouping to analyze the data (2).

    Click the drop-down menu (3) to select the columns to display in the grid and in the reports.

    Click Direct Excel Report (4) to export the data to a Microsoft Excel file.

    Click Create Report (5) to create a report in PDF or CSV format.