KB-9100: Why does "Show Effective Windows User Rights" show results when no Windows Rights have been assigned?

Authentication Service

28 August,17 at 02:28 PM

In Access Manager, why does "Show Effective Windows User Rights" show results when no Windows Rights have been assigned?
For example, I create a zone named Global and assign the "Unix Login" role to the user tetsu (fig1). When I right-click on the Global zone and select "Show Effective Windows User Rights" (fig2), it shows tetsu as having the "UNIX Login" role (fig3) even though I have not assigned him Windows Rights.

The "show effective UNIX user" check requires both a UNIX profile (identity) and a role assignment (access control). If a user is missing either one, no result is shown, because the setup is not complete.
For "show effective Windows user", however, the Windows user identity already exists in AD, and the UNIX login role and the Windows login role are actually the same AzMan object, differing only in which attributes are set (in the GUI, the Windows authorization configuration also exists in the UNIX login role). The UNIX role assignment therefore shows up.
A role can contain any combination of Windows rights, UNIX rights and system rights.
In addition, roles have audit / rescue / MFA flags that affect both UNIX and Windows.
You can also say that all roles are always both Windows and UNIX roles.
For example, even the UNIX login role has the "Audit if possible" setting, which also affects Windows.