File Permissions Report
The File Permissions Report tab in Project Settings controls which files are included in the File Permissions Report. The report lists files whose permission configurations differ from those of their parent folders, helping you spot potential security anomalies.
General Settings
- Enable file permissions report - Master toggle for the file permissions report. When disabled, no file-level permission data is collected during scans, which reduces memory usage and scan time.
- Exclude system files from file permissions report - Excludes files with the NTFS "system" attribute set. This is enabled by default to reduce noise from operating system files.
- Maximum number of file report entries - Limits how many files appear in the report. The default is 999,999 entries. Set to -1 for unlimited entries, but be aware this may significantly increase memory consumption on large file systems.
Include in File Report
These options control which files are flagged for inclusion in the report. At least one inclusion criterion must be enabled.
- Files not inheriting permissions from their parent folder - Identifies files where inheritance has been disabled. These files have had their inheritance chain explicitly broken, which may indicate intentional security configuration or an oversight.
- Overexposed files granting explicit access to broadly-scoped groups - Identifies files that grant explicit (non-inherited) permissions to commonly overprivileged security principals. Click Configure Groups & Thresholds to select which groups to monitor and set permission thresholds for each. For each selected group, specify a permission threshold: Read, Write, Modify, or Full Control. Files granting permissions at or above this threshold to the selected group will be included in the report.
- Files with permissions not present on parent folder - Flags files that have permissions granted to principals who do not have equivalent access on the parent folder. This can reveal files with expanded access beyond what the folder hierarchy would suggest.
- Files with permissions present only on parent folder - Flags files that are missing permissions present on their parent folder. This can identify files with restricted access relative to their container.
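To spot-check the first two inclusion criteria above outside the tool, the following PowerShell function walks a folder with `Get-Acl`. It is an added example, not Permissions Reporter code or its algorithm; the function name, the default SID watch list and the Read < Write < Modify < Full Control ranking are assumptions.

```powershell
# Added example: independent spot check, not Permissions Reporter's implementation.
function Get-FileAclAnomaly {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Root,
        # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users (assumed watch list).
        [string[]]$BroadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'),
        [ValidateSet('Read', 'Write', 'Modify', 'FullControl')][string]$Threshold = 'Write'
    )
    $levels = 'Read', 'Write', 'Modify', 'FullControl'   # assumed ascending ranking
    $min = [array]::IndexOf($levels, $Threshold)
    $sidType = [Security.Principal.SecurityIdentifier]

    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Attributes.HasFlag([IO.FileAttributes]::System) } |
        ForEach-Object {
            $path = $_.FullName
            try { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop }
            catch { Write-Warning "Cannot read ACL: $path"; return }

            if ($acl.AreAccessRulesProtected) {   # inheritance disabled on this file
                [pscustomobject]@{ Path = $path; Reason = 'InheritanceDisabled'; Principal = $null; Rights = $null }
            }
            foreach ($ace in $acl.Access) {
                # Only explicit (non-inherited) Allow entries count as overexposure.
                if ($ace.IsInherited -or $ace.AccessControlType -ne 'Allow') { continue }
                try { $sid = $ace.IdentityReference.Translate($sidType).Value } catch { continue }
                if ($BroadSids -notcontains $sid) { continue }
                # Highest named level whose bits are all present in the ACE.
                $level = -1
                for ($i = 0; $i -lt $levels.Count; $i++) {
                    $mask = [Security.AccessControl.FileSystemRights]($levels[$i])
                    if (($ace.FileSystemRights -band $mask) -eq $mask) { $level = $i }
                }
                if ($level -ge $min) {
                    [pscustomobject]@{ Path = $path; Reason = 'BroadGroupExplicitAccess'
                        Principal = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
                }
            }
        }
}
```

Call it as `Get-FileAclAnomaly -Root <folder> -Threshold Modify` and pipe the objects to `Export-Csv` to compare against the tool's report for the same folder.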
Permission Comparison Options
When comparing file permissions to parent folder permissions, you can control how granular the comparison is:
- Type (allow / deny) - Considers the ACE type (Allow vs Deny) when comparing permissions.
- Inherited - Considers whether the permission is inherited or explicitly assigned.
- Rights - Considers the specific permission rights (Read, Write, Modify, etc.) when comparing.
Track file inclusion details - When enabled, Permissions Reporter retains detailed information about why each file was included in the report (e.g., which specific permission differences were detected). This information is displayed as expandable nodes in the file report and can be included in exports. Note that this option increases memory usage.
File Attribute Exclusions
Exclude files based on their NTFS attributes:
- Exclude system files - Excludes files with the System attribute.
- Exclude hidden files - Excludes files with the Hidden attribute.
- Exclude temporary files - Excludes files with the Temporary attribute.
File Exclusion Patterns
Use pattern-based exclusions to filter out specific files by name or extension:
- Exclude files by pattern - Enable this option to activate pattern-based filtering.
- Enter patterns in the text box, separated by commas. Patterns support wildcards:
  - * matches any sequence of characters
  - ? matches any single character
  - [abc] matches any character in the set
  - [0-9] matches any digit
Examples:
- .tmp - Excludes files with the .tmp extension
- *.bak* - Excludes files containing ".bak" in the name
- Thumbs.db - Excludes files named exactly "Thumbs.db"
- test_*.log - Excludes log files starting with "test_"
- backup[0-9]* - Excludes files starting with "backup" followed by a digit
Click Restore Defaults to reset the exclusion patterns to the default set.
Performance Considerations
The file permissions report analyzes every file in the scanned folders, which can be resource-intensive on large file systems. To optimize performance:
- Use the maximum entries limit to cap memory usage
- Enable attribute-based exclusions to skip system, hidden, or temporary files
- Use pattern exclusions to filter out backup files, logs, and other non-essential file types
- Consider disabling the file report entirely if you only need folder-level permission analysis