Perdemia’s Permission Analyzer: How to find out who can get access to what on your network

Oct 25, 2015, 3 mins
Access Control

If you don't know who on your network has access to what, you're making a big mistake.

If you find yourself with the annoying and often frustrating job of wrestling with NTFS and Active Directory permissions, I may have the answer for you: a tool called Permission Analyzer, published by Perdemia.

Permission Analyzer is actually more than just a way of saving time and effort; it's also a way of ensuring the operational integrity and security of your network, because it can answer questions like “Who has network access to our HR data?” or “Who besides engineering can read files on the development server?” Not being able to definitively answer such questions can expose your organization to significant legal and economic risk, particularly in regulated industries.

The first step in using Permission Analyzer is to scan your network. The scan saves directory information and group membership data from AD's LDAP services in a built-in local database or in an external database (for shared access). Any JDBC external database can be used, and Permission Analyzer automatically supports Oracle, DB2, MS SQL, MySQL, PostgreSQL, Derby and H2 databases. Permission Analyzer can be secured with a password and, depending on which license has been purchased, the database can be encrypted to limit access and the risk of disclosure in the case of a breach.

View permissions trace

Once scanning has completed, you can trace permissions on demand, generate reports, and define policies. Permissions can also be modified directly from Permission Analyzer.

Tracing permissions, which can be done for users and groups, will show where permissions inherited through a user's group memberships may not be what is wanted. You can save filters for reports and export the results in HTML or CSV format or via e-mail.

Effective permissions report

Reports can generate e-mail notifications if unwanted permissions are detected, and you can run Permission Analyzer from the command line with parameters using Windows Scheduler, which makes policy automation simple.
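The tracing and unwanted-permission check described above, modelled for the question “Who besides engineering can read files on the development server?” This is an added example, not Permission Analyzer's code; the group names, users and ACL entries are constructed, and treating any deny entry as overriding any allow entry is a simplification of NTFS evaluation.

```python
# Constructed sample data: not output from Permission Analyzer or a real domain.
# Group -> direct members (users or nested groups), as a directory scan records.
MEMBERS = {
    "Engineering": {"alice", "bob"},
    "Contractors": {"carol"},
    "DevTools": {"Engineering", "Contractors"},      # nested groups
    "Interns": {"dave"},
    "AllStaff": {"Engineering", "Interns", "erin"},
}
# ACL on the development share: (principal, "allow" or "deny", rights).
ACL = [
    ("DevTools", "allow", {"read", "write"}),
    ("AllStaff", "allow", {"read"}),
    ("Interns", "deny", {"read"}),
]

def expand(principal, members=MEMBERS, _seen=None):
    """Return every user reachable from a principal through nested groups."""
    seen = set() if _seen is None else _seen
    if principal in seen:             # guard against circular group nesting
        return set()
    seen.add(principal)
    if principal not in members:      # not a group, so treat it as a user
        return {principal}
    users = set()
    for child in members[principal]:
        users |= expand(child, members, seen)
    return users

def effective_users(acl, right):
    """Map each user holding `right` to the ACL principals that grant it."""
    allowed, denied = {}, set()
    for principal, kind, rights in acl:
        if right not in rights:
            continue
        for user in expand(principal):
            if kind == "deny":
                denied.add(user)      # simplification: deny always wins
            else:
                allowed.setdefault(user, []).append(principal)
    return {u: via for u, via in allowed.items() if u not in denied}

def unwanted(acl, right, approved_group):
    """Users with `right` who are not members of the approved group."""
    approved = expand(approved_group)
    return {u: via for u, via in effective_users(acl, right).items()
            if u not in approved}

if __name__ == "__main__":
    print(unwanted(ACL, "read", "Engineering"))
```

The result names each unexpected user together with the group that grants the access, which is the entry to fix on the ACL or in the group membership.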

All Permission Analyzer licenses are valid for one year and include support and updates. Trial licenses allow for one server with two root directories and unlimited users and groups, while the Basic license ($599.99) allows for unlimited directories, 500 users, 100 groups, a local database, and up to three license moves (deactivation and reactivation). The Standard license ($899.99) is the Basic license but with five servers, 3,000 users, and 1,000 groups, and adds database encryption. The Enterprise license ($1,299.99) adds external database support with unlimited servers, users, and groups. Finally, the Consultant license ($2,499.99) increases the number of license moves to 200.

If you’re running a network of any complexity and you have content that needs to be protected from inappropriate access, then without tools to analyze permissions that you run on a regular basis, you’re running a huge risk. So, if you’re not using a tool like Permission Analyzer, what are you using?

Thoughts? Suggestions? Send me feedback via email or comment below and follow me on Twitter and Facebook.


Mark Gibbs is an author, journalist, and man of mystery. His writing for Network World is widely considered to be vastly underpaid. For more than 30 years, Gibbs has consulted, lectured, and authored numerous articles and books about networking, information technology, and the social and political issues surrounding them. His complete bio can be found at
