Show items permissions, starting from Security Groups
#1
Question 
Hi!

At the moment, ASG-RD seems just to show all users' and security groups' permissions on a specific item (selecting the Connection properties and then having a look at the Security option under the Connection menu, I can easily get a clear report of all security groups that can access that object).

But what is really missing is the reverse search: how can I know WHAT objects can be accessed by a specific security group? Having hundreds of connections and dozens of Security Groups, to do housecleaning and remove security groups that are no longer useful, it's essential to see at a glance what an existing security group has access to...

Is it possible to implement this view? Selecting an existing SG, a view of all existing objects it already has access to...

Thx for your support,
Diego

PS: maybe there's already a way of doing it... accessing the SQL database and querying it?
Reply
#2
The present Security Groups management window already has a lot of unused and available empty GUI space that could be useful for the purpose of this view... (see attachment)


Reply
#3
Would it be possible to add to the 3 dot main menu an option to collapse or expand all groups?

Also Global variables being available from all 3 dot menus? I know you can get to it from the Main menu > Manage, but this cuts a step out
http://mashroomsblog.over-blog.com
Reply
#4
Hi guys... any way to see some of the above improvements in user rights management in the upcoming ASG-RD 2021 revamp of the app?

Time flies, but this is still a quite critical aspect to manage when you have hundreds of object/connections and users using ASG-RD... a real pain to make periodic house-cleaning in users permissions...

Thx a lot for your support!
Reply
#5
We have one issue left in 2021 version - and are starting with implementation of some new features right now - so it will not be part of the first release but will be added in one of the first Patch versions
Regards/Gruss
Oliver
Reply
#6
Sorry for necro'ing this old thread, but I am also looking for this.

We have more than 2000 RDP objects in a chaotic folder structure, and multiple security groups that consist of AD groups and individual AD users. And now we have the requirement to "clean up" the user mess.

=> How can I find out which Security Group has rights to which objects? A kind of reverse lookup for the "Connection / Security" setting.

I don't have to know the exact rights per object, for me it would be enough to see where "Default Values" are set (overwriting Inherited Values). If this is not possible from the application, is there a SQL statement for this?

Thanks!
Reply
#7
OK, you need access to the MS SQL database for this. Don't ask me about warranty, and don't ask me about what happens after an update...

First, create a stored procedure to iterate through the item hierarchy. This is a simple CTE and not tuned for high performance.

Code:
CREATE FUNCTION dbo.ItemHierarchy (@itemid uniqueidentifier)
RETURNS VARCHAR(8000)
AS
BEGIN
    -- Same length as the return type, so long paths are not cut at 1000 characters
    DECLARE @Result VARCHAR(8000);

    -- Walk from the item up through its parents, prepending each parent's name
    WITH CTE AS
    (
        SELECT [Level] = 1, parentitemid, itemID, Path = CAST([text] AS VARCHAR(8000))
        FROM dbo.Items
        WHERE itemid = @itemid
        UNION ALL
        SELECT b.[Level] + 1, a.parentitemid, a.itemID, Path = CAST(a.[text] AS VARCHAR(8000)) + '/' + b.Path
        FROM dbo.Items a
        JOIN CTE b ON b.parentitemid = a.itemID
    )
    -- The row with the highest level holds the full path from the root
    SELECT @Result = Path FROM CTE WHERE [Level] = (SELECT MAX([Level]) FROM CTE);

    RETURN @Result;
END;

Then you can get the assigned credentials and connections with these statements:
Code:
-- List all security groups with their GUIDs
SELECT * FROM dbo.securityGroups;

-- Paths of all items that have an assignment for one security group
SELECT DISTINCT dbo.ItemHierarchy(sa.itemid) AS path, sg.groupname
FROM dbo.SecurityAssignment sa
JOIN dbo.securitygroups sg ON sa.groupid = sg.groupid
WHERE sa.groupid = '00000000-0000-0000-0000-000000000000'
ORDER BY 1;
(replace the 000... with the GUID of your SecGroup).

If I analysed the results correctly, it shows all items (credentials, connections, folders) where individual security settings are done (Default Values -> Data exists), not where values are inherited. The statement does not show the individual settings; if you are a bit familiar with SQL, you can edit the second statement to include the "SecurityIdent" column.

This works for me on:
Microsoft SQL Server 2019 (RTM) - 15.0.2000.5 (X64)
ASG 2021 - 14.07241.1
DBeaver 22.0
Reply
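For the housekeeping case raised in this thread, the per-group lookup from post #7 can be generalised into one read-only report over all security groups, including those with no explicit assignment at all. This is an added example, not code from any poster or from ASG; it assumes the tables and columns used in post #7 (dbo.Items, dbo.SecurityAssignment, dbo.SecurityGroups) and, as that post observes, it only sees explicit assignments, not inherited ones.

```sql
-- Read-only audit query (added example). Table and column names are the ones
-- used in post #7; anything else about the schema is an assumption.
WITH ItemPath AS (
    -- Anchor: every item that carries at least one explicit assignment
    SELECT i.itemID AS startItem, i.parentitemid, 1 AS depth,
           CAST(i.[text] AS VARCHAR(8000)) AS [Path]
    FROM dbo.Items i
    WHERE EXISTS (SELECT 1 FROM dbo.SecurityAssignment sa
                  WHERE sa.itemid = i.itemID)
    UNION ALL
    -- Recursive step: prepend the parent's name, as dbo.ItemHierarchy does
    SELECT p.startItem, parent.parentitemid, p.depth + 1,
           CAST(parent.[text] AS VARCHAR(8000)) + '/' + p.[Path]
    FROM ItemPath p
    JOIN dbo.Items parent ON parent.itemID = p.parentitemid
),
FullPath AS (
    -- The deepest row per starting item holds the path from the root
    SELECT startItem, [Path],
           ROW_NUMBER() OVER (PARTITION BY startItem ORDER BY depth DESC) AS rn
    FROM ItemPath
),
GroupItem AS (
    -- One row per (group, item); duplicates collapse as with DISTINCT in post #7
    SELECT DISTINCT groupid, itemid FROM dbo.SecurityAssignment
)
SELECT sg.groupname,
       sg.groupid,
       COUNT(gi.itemid) OVER (PARTITION BY sg.groupid) AS explicit_items,
       fp.[Path]   -- NULL with explicit_items > 0: assignment whose item row is missing
FROM dbo.SecurityGroups sg
LEFT JOIN GroupItem gi ON gi.groupid = sg.groupid
LEFT JOIN FullPath fp  ON fp.startItem = gi.itemid AND fp.rn = 1
ORDER BY explicit_items, sg.groupname, fp.[Path];
```

Groups with explicit_items = 0 sort first and are the candidates to review for removal.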



