FileAudit Documentation
FileAudit Documentation
You are here: Reference > Reporting > Permissions reports

Permissions reports

FileAudit offers reports that allow you to view the permissions of your files and folders, as well as attempts to change permissions and ownership.

Permissions snapshots

You can display an instantaneous view of permissions from a previously generated snapshot of your audited paths. You can generate and display a snapshot immediately or schedule one for a specific time.

In these condensed reports, you will see permissions for the root folder of every configured path. For child files or folders, permissions will be displayed only if the permissions are different from their parent.

This means that if a file or folder doesn’t appear in this report, its permissions are exactly the same as its parent.

Permission reports can be displayed in simple or in advanced mode as they are defined in the Windows File Explorer.

Simple Permissions

Display simple permissions of files and folders:

  • Permission type (allow or deny)
  • Full control
  • Modify
  • Read and Execute
  • List Folder Contents
  • Read
  • Write
  • Special permissions
  • Owner

Advanced permissions

Display advanced permissions of files and folders:

  • Permission type (allow or deny)
  • Full control
  • Traverse folder / execute file
  • List folder / read data
  • Read attributes
  • Read extended attributes
  • Create files / write data
  • Create folders / append data
  • Write attributes
  • Write extended attributes
  • Delete subfolders and files
  • Delete
  • Read permissions
  • Change permissions
  • Take ownership
  • Owner

The simple and advanced permissions reports require the generation of snapshots. Click here for more information on how to generate snapshots.

Filters

  • Path: You can display events on files and/or folders. Take note:
    • The ‘Path(s)’ field of the ‘File Access Viewer’ supports ‘*’ (any string) and ‘?’ (any character) wild characters.
    • If you enter a file/folder path not currently monitored, FileAudit will detect and propose that the audit configuration be set up via its wizard. Follow the different steps to configure the NTFS audit for this new path.
  • Inherited: Indicates whether file/folder attribute is marked as Inherited from a parent folder. Display events for Yes, No or Both types of attributes.
  • Permissions Type: Indicates file/folder whether attribute marked as Allow or Deny for the basic set of permissions. Display events for Yes, No or Both types of attributes.
  • Owner: Select events based on the Owner of the File/Folder

Attempts to change permission or take ownership

These two reports are based on access events, not on snapshots like the previous 2 reports:

  • Permission Change Report: A user attempted to change permissions on a file/folder.
  • Ownership Change Report: A user attempted to take ownership of the file/folder.