Account View

The Account View (also called Principal View) reorganizes the same audit data to show permissions from the perspective of users and groups rather than folders. Instead of asking “who has access to this folder?”, the Account View answers “which folders can this account access?”

Switching to Account View

The Account View is available as a separate tab within the report view. When you switch to it for the first time after an audit, the application processes the audit data to build the account-oriented structure. You will see a “Preparing account view…” progress message — this is a one-time operation per audit.

Once prepared, you can switch freely between the Folder View and Account View without reprocessing.

Account List

The Account View shows a grid where each row represents a security principal — a user, group, or computer account that has permissions somewhere in the audited directories. The columns include:

• Account name — The logon name (e.g., DOMAIN\jsmith)
• Display name — The friendly name from Active Directory
• Account type — User, Group, or Computer
• Description — The AD description field
• SID — The security identifier
• Manager — The account’s manager from AD
• Department — The department field
• Job title — The job title field
• Account disabled — Whether the account is disabled in AD

Expanding Account Rows

Each account row is expandable. Click to reveal all the folders that account has permissions on. For each folder entry, you see:

• Folder name and full path
• Folder owner
• Inherits permissions — Whether the folder inherits from its parent
• Parent group name — If the account has access through a group membership, shows which group granted the permission
• Applies to — The scope of the permission
• Permission type — Allow or Deny
• Basic permissions — Full Control, Modify, Read, etc.
• Advanced permissions — The granular NTFS rights

Sorting and Grouping

Like the Folder View, the Account View supports sorting and grouping by any column. Some useful patterns:

• Group by Account type — Quickly separate users from groups and see how many of each type have permissions
• Sort by Department — See all Finance users together, all HR users together, etc.
• Sort by Account disabled — Find disabled accounts that still have permissions (a common security issue)
• Group by Parent group — See which group memberships are granting the most access

Common Use Cases

“What can this user access?” — Find the user in the account list and expand their row to see every folder they have permissions on, either directly or through group memberships.

“Which disabled accounts still have permissions?” — Sort or filter by the “Account disabled” column. Any disabled accounts with folder entries represent stale access that should be cleaned up.

“Which groups grant the most access?” — Look at group-type accounts and expand them to see how many folders each group has permissions on.

“Who has Full Control across the file server?” — Combined with a filter for Full Control permissions, the Account View shows every user and group with Full Control and exactly which folders it applies to.

Exporting the Account View

When exporting audit results (Pro feature), you can choose to export either the Folder View or the Account View. The Account View export creates a flat file with one row per account-folder-permission combination, which is useful for importing into spreadsheets or databases for further analysis.

The exported columns match what you see in the Account View grid, and can be customized in the column settings. See Exporting Reports for details.

Filter Interaction

When a filter is applied, the Account View reflects the same filter criteria as the Folder View. If you apply a filter in the Folder View and then switch to the Account View, the view is automatically reprocessed to show only matching results.

Note that applying or clearing a filter when the Account View has been prepared will trigger a re-preparation of the view, since the underlying data needs to be rebuilt with the new filter state.