The IT department is often asked where a user is authorized. This question, which is usually very difficult to answer, is answered quickly and in detail by the authorization report. If necessary, the result can be exported to Excel to discuss it with supervisors, the CSO or data owners, for example.
A key advantage of this analysis is the comprehensive presentation of all important details about the permissions. For each directory that the account has permissions to, the full permissions path is shown. This includes showing whether the permissions were granted through group memberships or whether the user is authorized directly. Additionally, the report enables an in-depth analysis of each individual access control entry (ACE) to ensure a complete understanding of the authorization structure.
The authorization report can be found in the navigation in the AD analysis area:
Select the account (person or group) for which you want to analyze the permissions by typing the name in the text box and clicking the correct search result. Now click Start.
The first thing you see is a preview of the expected list, which you can use to decide whether you want to look at the list in the web client or whether you want to start the export directly. You can also start the export later from the list view. If the total number of direct entitlements exceeds 500, only export is offered.
The detailed list can now be generated or the Excel export can be started immediately via "Show all direct permissions".
