Table of Contents
- Introduction
- System Requirements
- Assign Service Logon As Credentials
- Server Configuration
- Agent-Based Monitoring
- Data Providers
- Directory Services
- Audit Work Items
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Script Template
- Registry Value Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- SNMP
- SSH Shell
- Exporting and Importing Configuration Objects
- Shared Views
- Auto-Config Host Assignment Properties
- General Executable Properties
- Assign Actions
- Assign Directories
- Assign Disks
- Assign Shares
- Assign Files
- Assign Consolidated Logs
- Assign Event Logs
- Assign Active Directory Audit Logs
- Target Files and Sub-Directories
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Define CSV and W3C Log Entry Columns
- Active Directory User and Group Filters
- Explicitly Assigned Logs
- File Explorer
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Command Line Interface
- Troubleshooting
- Terminology
File and Directory Access Permissions Reports
The File and Directory Access Permissions Reports enable you to either manually on-demand scan any disk or directory for assigned permissions and optionally schedule the results to be emailed to you or output to a file, for example, a CSV file.
Requirements
Operating System | Technology |
---|---|
Windows | Remote WMI and Windows Shares |
Linux | SFTP/SSH or FTP/S |
How to create a File and Directory Access Permissions Report:
- From the Menu Bar select File | New. The Create New Object View displays.
-
From the Create New Object View, expand Report | File and Permissions Reports then select File and Directory Access Permissions. The Properties View displays.
Unlicensed report types appear in gray text. If you would like to create a report that is not currently licensed, please contact Corner Bowl Software to upgrade your license. - The Properties View contains 7 configuration tabs.
How to configure the File and Directory Access Permissions
-
Use the Files and Sub-Directories section to:
Option Description Include files Scan and list each file in the report. Detail sub-directories and files Scan and list each sub-directory in the report. Hide BUILTIN users and groups Hide the BUILTIN account from the report. -
Use the Access Permissions section to configure the permissions to report. The following permissions are supported:
Option Hex Value Description None 0x00000000 No permissions assigned. Read 0x00000001 Permission to read the data of a file. Write 0x00000002 Permission to modify a file's data anywhere in the file's offset range. This includes the ability to write to any arbitrary offset and as a result to grow the file. Append 0x00000004 The ability to modify a file's data, but only starting at EOF. ReadEA 0x00000008 Permission to read the named attributes of a file or to lookup the named attributes directory. WriteEA 0x00000010 Permission to write the named attributes of a file or to create a named attribute directory. Execute 0x00000020 Permission to execute a file or traverse/search a directory. DeleteChild 0x00000040 Permission to delete a file or directory within a directory. ReadAttributes 0x00000080 The ability to read basic attributes (non-ACLs) of a file. WriteAttributes 0x00000100 Permission to change the times associated with a file or directory to an arbitrary value. Delete 0x00010000 The right to delete the object. ReadControl 0x00020000 The right to read the information in the object's security descriptor, not including the information in the system access control list (SACL). WriteDAC 0x00040000 The right to modify the discretionary access control list (DACL) in the object's security descriptor. WriteOwner 0x00080000 The right to change the owner in the object's security descriptor. Synchronize 0x00100000 The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right. SystemSecurity 0x01000000 Specifies access to the system security portion of the security descriptor. MaximumAllowed 0x02000000 Indicates that the caller is requesting the most access possible to the object. GenericAll 0x10000000 All possible access rights GenericExecute 0x20000000 Execute access GenericWrite 0x40000000 Write access GenericRead 0x80000000 Read access File and Directory Permissions Report Properties