Save your filters as report
Current sets of filters can be saved as a new report using the menu [Report] > [Create new report]. Reports can be exported to HTML or CSV files or can be reloaded within the program to change the filters or review results. There are two options for HTML: a simple HTML table and an option which includes search, paging and sorting options.
Different report types
Permission Analyzer supports nine report types, each of which displays search results differently:
- Folders/files and the sum of their permissions
- Folders/files and their Access Control List, as they appear on the file system
- Folders/files and the ACL with expanded groups showing direct members and their effective permissions
- Folders/files and the ACL with expanded groups showing nested members and their effective permissions
- Users and groups and all their explicit permissions. This report is laid down per user/group instead of directory/file. For each user or group the directories and explicit rights are displayed, including permissions from nested group memberships.
- Groups that match the filter criteria and their direct members
- Groups that match the filter criteria and their nested members
- Groups that have permissions in the folder tree and their direct members
- Groups that have permissions in the folder tree and their nested members
Some report types show a relatively extensive amount of information per user and group. That’s why we recommend making your filters as specific and targeted as possible, to exclude any unnecessary information. This prevents reports from being crowded with irrelevant information. Tip: put a placeholder in the Target file path to include the current date in the path: c:\permission reports\[date:yyy-MM-dd]_report.html. This will preserve old report files. See Java date formats.
A report can be configured with an e-mail address, allowing it to be sent to that address at every export opportunity. An SMTP server, however, must be configured to accommodate the address and can be set up in the application settings. The option will also allow you to indicate whether you want the report to be included as an attachment and to include a message in the e-mail. The e-mail template may contain the following fields: [report_name], [report_path], [report_description] en [report_threshold].
You will also be able to use modified templates to generate the report. Permission Analyzer comes with a number of default templates for HTML and CSV, which can be modified according to your specifications. The templates are located in <application dir>\plugins\Permission_Analyzer_2.xxxx.jar – the file can be opened with any ZIP application. Here are examples of the default HTML template for files and the sum of permissions or the CSV template for files and their ACL’s.
If you have selected a filter selection as a filter, then that selection will show up as an option when generating the report. Using the selection will create a reference to the filter selection within the report and any modifications to the filter selection will result in all reports automatically applying the modified selection. Unchecking the option in the report will result in the report saving a copy of the filters and not change according to the filter selection.
Running reports automatically
Use Permission Analyzer to run reports automatically using the following parameters:
- -report “myReport” “myReport2”: run one or more reports by name
- -allReports: run all reports
Permission Analyzer will close automatically after all reports have been exported. See Scheduling jobs feature for more command-line options.
Report type: Folders/files and the sum of their permissions
This report provides a list of directories and files that meet the filter criteria. Per directory, only the effective rights of all Access Control Entries that are found on the basis of the filters. The report takes into account the priorities used by Windows (privileges that deny something will, for example, have a higher priority than privileges that grant access).
Report type: Folders/files and their Access Control List
Instead of adding up all the rights, Access Control Entries are displayed separately per directory or file in this report. It provides an overview of the Access Control List (ACL) per directory or file and contains all Access Control Entries (ACE) that match the search criteria. Each ACE has a set of permissions and a member and match the data in the Windows Security tab on the file properties. Only the directories and files that match the search criteria will be included in the report.
Report type: Folders/files and the ACL with expanded groups showing direct members and their effective permissions
Same as previous report type, but the report groups in the report popped up so that the direct group members are visible. A similar report type is available to display the nested group members.
Report type: Users and groups and all their explicit permissions
This report is laid down per user/group instead of directory/file. For each user or group the directories and explicit rights are displayed. It displays all explicit permissions, including permissions from nested group memberships. The column Via ACL member shows the origin of permissions per group or user, indicating through which (nested) group a user or group has inherited those permissions. Only users and groups that appear in the search results will be included in the report. This report shows a relatively extensive amount of information per user and group. That’s why we recommend making your filters as specific and targeted as possible, to exclude any unnecessary information. This prevents reports from being crowded with irrelevant information.
Report type: Groups and members
This report is separate from the rights and shows exclusively the groups found as well as their group members. A similar report type is available to display the nested group members. A separate report type will only display the groups that actually have permissions in the (filtered) folder tree.
Specific folders can be easily exported using the filters selected and will not require generation of a report. Simply open the context menu of a folder using the right mouse button and select Export. This option will also allow you to select the report type, file type and whether you wish to send an e-mail.
View previous report runs by opening the Report history in the context menu of a report. Use the same menu to quickly compare the last two runs of a report, generating an additional report containing only the difference between the two runs. To compare previous reports, ensure that the report's output path contains a date/time stamp so that previous HTML / CSV files are not overwritten. When a report is generated, the application can automatically create a comparison report comparing the HTML / CSV file of the previous export with the current one. Just enable the option "Create comparison report" in the report details.
For more information about comparing report runs, see the page Track changes.