The Access report provides a list of all users (unwound from groups) that have access to the selected object, their level of access and how they have been granted access (Group Membership, Individual ACL, Global Role or Global Permission).
Each listed permission associated to the user represents a unique permission ensuring the reader can understand the entire scope of permission granted to each individual user.
The Access report is available from the following locations by accounts with the appropriate permissions:
- Object’s Permissions page: Any user with permission to modify an object’s permission can view this report by clicking the Access Report button from the object’s permission page (Manage > Permissions).
- Inventory Report: Any user with permission to access the system or vault Inventory report, can view this report by selecting the View Access Report option located in each object’s Action menu.
- Global Permissions: Any user with permission to access the Global Permissions page can view this report by clicking the Access Report button.
Access report options
The following options are provided with the Access report:
- Search is available to quickly locate objects using string based queries.
- Export is available to export the available on-screen data to either a CSV, PDF or XLSX file.
- Sorting is available by clicking on the desired column header.
The following information is provided as columns in the Access report:
- User: Displays the user’s name and (login).
- Permissions: Displays the user’s specific Permission to this object. Permissions include:
- Global Role: If the user has access via a Global Role, the role name will be displayed.
- Global Permission: If the user has access via a Global Permission, the specific level of access for each role (Record Control/Session Control/Task Control) will be displayed.
- ACL: If the user has access via a specific ACL (either individual or by Group membership), the specific level of access for each role (Record Control/Session Control/Task Control) will be displayed.
When access is granted due to Group membership, the name of this group will be shown at the end of the line in parenthesis. For example, (Developers) meaning this specific permission was granted to this user because they are a member of the Developers group.