TSplus Advanced Security Permissions

Permissions

Since version 4.3, TSplus Advanced Security offers a Permissions feature that allows the administrator to manage and/or inspect the privileges of users and groups.

On the Permissions dashboard, the list of users and groups and the list of available folders are shown side by side.
Everything is visible at a glance, which makes it easy to inspect (TSplus Advanced Security Essentials) and edit (TSplus Advanced Security Ultimate) privileges for one user at a time, and therefore to increase the accuracy of the restrictions.

Manage

On the Manage tab, for each user or group selected on the left tree view, you can:

  • Deny – When clicking on the Deny button, the selected user will be denied privilege on the selected filesystem object. If a file is selected, then the selected user is denied the privilege of reading the selected file (FileSystemRights.Read). If a directory is selected, then the selected user is denied the privilege of reading and listing the directory content (FileSystemRights.Read and FileSystemRights.ListDirectory).
  • Read – When clicking on the Read button, the selected user will be granted privilege on the selected filesystem object. If a file is selected, then the selected user is granted the privilege of reading the selected file and executing it if the file is a program (FileSystemRights.ReadAndExecute). If a directory is selected, then the selected user is granted the privilege of reading and listing or executing the directory content (FileSystemRights.ReadAndExecute and FileSystemRights.ListDirectory and FileSystemRights.Traverse).
  • Modify – When clicking on the Modify button, the selected user will be granted privilege on the selected filesystem object. If a file is selected, then the selected user is granted the privilege of modifying the selected file (FileSystemRights.Modify). If a directory is selected, then the selected user is granted the privilege of modifying and listing the directory content, as well as creating new files or directories (FileSystemRights.Modify and FileSystemRights.CreateDirectories and FileSystemRights.CreateFiles and FileSystemRights.ListDirectory and FileSystemRights.Traverse).
  • Ownership – When clicking on the Ownership button, the selected user will be granted full control over the selected filesystem object (FileSystemRights.FullControl).

Please note that all permissions denied or granted to a directory are applied recursively to the filesystem objects contained by this directory. The diagram below details the API calls when rights are applied to a filesystem object:

[Diagram: permissions API calls]
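
The button-to-rights mapping listed above can be rebuilt with the .NET access-control types to check what each button resolves to on disk. This PowerShell is an added example, not TSplus code; the `$ButtonRights` table, the `New-ButtonRule` function, the scratch path and the use of inheritance flags to model the recursive behaviour are assumptions.

```powershell
# Added example (not TSplus code): rights per Permissions button, as listed on this page.
$ButtonRights = @{
    'Deny:File'      = 'Read'
    'Deny:Dir'       = 'Read, ListDirectory'
    'Read:File'      = 'ReadAndExecute'
    'Read:Dir'       = 'ReadAndExecute, ListDirectory, Traverse'
    'Modify:File'    = 'Modify'
    'Modify:Dir'     = 'Modify, CreateDirectories, CreateFiles, ListDirectory, Traverse'
    'Ownership:File' = 'FullControl'
    'Ownership:Dir'  = 'FullControl'
}

function New-ButtonRule {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [System.Security.Principal.IdentityReference] $Identity,
        [Parameter(Mandatory)] [ValidateSet('Deny', 'Read', 'Modify', 'Ownership')] [string] $Button,
        [switch] $Directory
    )
    $kind    = if ($Directory) { 'Dir' } else { 'File' }
    $rights  = [System.Security.AccessControl.FileSystemRights] $ButtonRights["${Button}:$kind"]
    $type    = if ($Button -eq 'Deny') { 'Deny' } else { 'Allow' }
    # Assumption: recursion is modelled with inheritance flags, not a per-object walk.
    $inherit = if ($Directory) { 'ContainerInherit, ObjectInherit' } else { 'None' }
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $rights,
        [System.Security.AccessControl.InheritanceFlags] $inherit,
        [System.Security.AccessControl.PropagationFlags] 'None',
        [System.Security.AccessControl.AccessControlType] $type)
}

# Show the access mask behind each button so overlapping flags become visible.
foreach ($key in ($ButtonRights.Keys | Sort-Object)) {
    $r = [System.Security.AccessControl.FileSystemRights] $ButtonRights[$key]
    '{0,-15} 0x{1:X8}  {2}' -f $key, [int] $r, $r
}

# Apply the "Read" rule to a constructed scratch directory and read the ACL back.
$scratch = Join-Path $env:TEMP 'perm-demo'
New-Item -ItemType Directory -Path $scratch -Force | Out-Null
$users = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-545')  # BUILTIN\Users
$acl = Get-Acl -Path $scratch
$acl.AddAccessRule((New-ButtonRule -Identity $users -Button Read -Directory))
Set-Acl -Path $scratch -AclObject $acl
(Get-Acl -Path $scratch).Access | Where-Object { -not $_.IsInherited } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, InheritanceFlags
Remove-Item -Path $scratch -Recurse -Force
```

In the .NET enum, ListDirectory, Traverse, CreateFiles and CreateDirectories share bit values with ReadData, ExecuteFile, WriteData and AppendData, so the directory and file rows for a given button print the same mask.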

Inspect

On the Inspect tab, for each folder, subfolder or file selected on the left tree view, you can see the permissions assigned to users or groups on the right tree view.

[Screenshot: Permissions Inspect tab]

You can refresh the status of the folders so that they are updated in real time.

An audit can be enabled by selecting the desired folder, subfolder or file and clicking the “Enable Audit” button at the top:

[Screenshot: Inspect tab, Enable Audit button]

The “View Audit” button allows you to see the corresponding audit in the Event Viewer:

[Screenshot: Inspect tab, View Audit]