Identify the permissions of a user
ARM provides a user perspective, displaying the individual resources each user can access in your organization.
You can compare the rights of a specific user to their role in your organization. Here, the "least privilege principle" applies. Employees who change departments during their employment often retain access rights from previous roles that should have been removed after they accept a new role in your organization.
-
In the toolbar, click Resources.
-
Locate the employee whose access rights you want to analyze.
-
In the Search field, enter an employee name, and then press Enter.
For example, emily.
-
Under Users, locate and select the targeted employee.
ARM activates the scenario Where does a user/group have access and displays all resources that Emily can access.
ARM displays all directories that Emily Employee can access on the file server. In the following example, the focus is on the Marketing directory. ARM displays the access rights for the Marketing directory. The green icon indicates that the access rights on this directory differ from the parent directory.
In the Access Rights tab, the green arrow indicates the user Emily Employee. This helps you identify which resources Emily Employee can access based on the individual permission paths.
-