Permission inventory enumerates the permissions of select folders and makes the permission data (ACL, ACE) available in the web reports. As is the case with all other features that reference folders, the folders need to be referenced relative to the monitored host with local paths. UNC paths are not recommended since the account the agent is running under generally does not have sufficient access to remote hosts.
To inventory permissions on multiple folders located on multiple machines, individual packages need to be created and assigned accordingly. The permission inventory feature can be customized with the following configuration options.
Requirements: The LocalSystem account will need at least READ access to specified files and folders in order to access the files and enumerate the permissions.
Inventory Type
Consolidate & omit inherited permissions
Even though each file in NTFS has individual permissions set, permissions are generally inherited for the vast majority of files. Setting the inventory type to this option will only record permission entries that deviate from the permissions of the parent folder, which significantly reduces the amount of data stored in the database. This is the recommended option, especially for directories containing a large number of files.
Inventory all files and folders
Records the permission entries from every file, even if the permission entry is identical to the parent folder. This is only recommended for directories containing a small number of files, or when the default option (above) does not yield the desired results.
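The difference between the two inventory types can be reproduced by hand with Get-Acl. The following is an added example, not the product's own code: the function name Get-PermissionInventory and the sample path C:\Data are hypothetical, and the ACE's IsInherited flag is used here as an approximation of "deviates from the parent folder".

```powershell
# Added example (not the product's code). Lists explicit (non-inherited) ACEs
# under a local folder, or every ACE when -IncludeInherited is set.
function Get-PermissionInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,   # local path on the monitored host
        [switch]$IncludeInherited              # "Inventory all files and folders"
    )

    # Follow the page's guidance: local paths only, no UNC paths.
    if ($Path.StartsWith('\\')) {
        throw "Use a local path on the monitored host, not a UNC path: $Path"
    }

    $root  = Get-Item -LiteralPath $Path -ErrorAction Stop
    $items = @($root) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            # Usually means the scanning account lacks READ access to the object.
            Write-Warning "Cannot read ACL of $($item.FullName): $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            # The root folder is always reported in full so there is a baseline
            # against which the explicit entries further down can be judged.
            $isRoot = $item.FullName -eq $root.FullName
            if ($ace.IsInherited -and -not $IncludeInherited -and -not $isRoot) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
                Flags     = "$($ace.InheritanceFlags)/$($ace.PropagationFlags)"
            }
        }
    }
}

# Consolidated view (sample path is an assumption):
#   Get-PermissionInventory -Path 'C:\Data' | Format-Table -AutoSize
# Full view, one row per ACE on every file and folder:
#   Get-PermissionInventory -Path 'C:\Data' -IncludeInherited | Measure-Object
```

Comparing the row counts of the two calls on a large directory shows why the consolidated type is the recommended default, and any warning emitted points at an object the scanning account cannot read.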
Refresh Interval
Configures how often permissions of all files in the selected folders are refreshed, 12 hours by default. Since every single file has to be evaluated during a rescan, a higher interval is recommended for directories that contain a large number of files.
Database
Configures in which database(s) the permission inventory data will be stored.