Check Effective Permissions
2 minute read
Introduction
The “Add Principal” function allows you to specifically analyze the effective access rights that a particular user or group has to files and folders. All relevant factors are automatically considered – from group memberships and share permissions to inherited and explicit NTFS permissions.
Add Users to the Analysis
- Open an existing analysis in the NTFS Analysis section.
- Click the “Add Principal” button.
- Select the desired user or group from Active Directory or from local groups.
- After selection, the user is added to the analysis – the matrix is extended to show this principal’s effective permissions.
Placeholder Screenshot: Add Principal
What Does the Effective Permission Show?
A user’s effective rights result from the interaction of the following layers:
- Share permissions on the network share
- Inherited NTFS permissions from parent folders
- Direct (explicit) NTFS permissions on the target folder
- Group memberships (including nested groups)
- Filter conditions (if active)
Docusnap365 automatically calculates this combination and only displays the effective rights of the selected user.
Placeholder Screenshot: Effective Rights of a User
Why This Matters
This analysis provides a clear answer to the question:
“Does user X have access to directory Y – and if so, with what permissions?”
It also detects whether a user obtains rights via group memberships that they should not have individually. This makes the feature especially useful for:
- Audits and compliance checks
- GDPR information requests
- Permission clean-ups
Special Features
- Groups are resolved recursively – nested groups are fully taken into account.
- Only effective rights are displayed – non-existent but theoretically inheritable rights are not shown.
- Multiple principals can be analyzed and compared simultaneously.