Online Manual
Principal View
The Principal View flips the perspective of your permission analysis, organizing data by security principals (users and groups) rather than by objects. This view helps you understand what access each user or group has across your Active Directory environment.
Accessing Principal View
To access the Principal View:
- Generate a report or load an existing one
- Click on the "Principal View" tab in the report viewer
Note: When you first switch to the Principal View tab, there may be a brief delay as the application generates the principal-based data structure.
Understanding the Principal View
The Principal View is organized as a master-detail grid:
Principals Grid (Master)
The top grid shows all security principals (users, groups, computers) that have permissions in your Active Directory. For each principal, you'll see:
- Account - The sAMAccountName of the principal
- Display Name - The display name, if available
- Type - The type of principal (User, Group, Computer, etc.)
- Description - The description of the principal
- Department - For users, their department
- Manager - For users, their manager
- Job Title - For users, their job title
- SID - The Security Identifier of the principal
Objects Grid (Detail)
When you select a principal in the top grid, the bottom grid shows all objects where that principal has permissions:
- Name - The name of the AD object
- Path - The path of the object in the directory
- Owner - The owner of the object
- Inheritance - Whether the object inherits permissions
- Type - Allow or Deny permission
- Inherited - Whether the permission is inherited
- Applies To - Where the permission applies
- Parent Group - If applicable, through which group the permission is granted
The remaining columns show detailed permission breakdowns:
Basic Permissions Columns
- Full Control
- Modify
- Read and Execute
- List Contents
- Read
- Write
- Special
Advanced Permissions Columns
- Full Control
- Traverse/Execute
- List/Read Data
- Read Attributes
- Read Ext. Attrs
- Create/Write Data
- Create/Append Data
- Write Attributes
- Write Ext. Attrs
- Delete Subfolders
- Delete
- Read Permissions
- Change Permissions
- Take Ownership
Filtering the Principal View
The Principal View provides several filtering options:
Quick Filter Dropdown
Use the "Filter" dropdown to quickly filter by principal type:
- All Principals - Show all security principals
- Users Only - Show only user accounts
- Groups Only - Show only groups
- Computers Only - Show only computer accounts
Search Box
Use the "Search" text box to find specific principals or objects. This searches across all columns in both the principal grid and the objects grid.
Column Filters
Each column in both grids has its own filter capability:
- Click the filter icon in any column header
- Choose from the provided filter options or enter a custom filter
- The grid will update to show only matching rows
Sorting and Grouping
Like the Table View, the Principal View supports sorting and grouping:
- Click any column header to sort by that column
- Drag column headers to the grouping area to group by those columns
- Expand or collapse groups as needed
Analyzing Principal Data
The Principal View is particularly useful for:
- User access reviews - See all the permissions a particular user has across your AD
- Group permission analysis - Understand the reach of group permissions
- Security audits - Identify users or groups with excessive permissions
- Access cleanup - Find permissions that should be removed or adjusted
Exporting Principal View Data
Export the Principal View data for external analysis:
- Use the "Export" buttons at the top of the view
- Choose from Excel, PDF, or HTML formats
- The export will include all currently visible data (respecting any active filters)
The Principal View is particularly valuable in access review scenarios, where you need to understand what permissions specific users or groups have across your environment, rather than focusing on the permissions for specific objects.
For different perspectives on your AD permissions, check out the AD Objects View and Table View pages.