We are excited to bring administrators a brand new report to display access to your Cerberus FTP folders. Together with the recent addition of secondary group memberships and AD & LDAP reporting features, this report combines and displays all users capable of interacting with your folders, their permissions on the folders, and whether a virtual folder was assigned to the user directly or from a group.
AD and LDAP User Report Filtering Options
In addition to native users, you may customize your folder report in a similar fashion to the account reports for AD and LDAP authentication sources. When the Account Report type is selected in the Report Manager, the administrator is presented with a list of authentication sources for reporting. You can generate different reports for one or more sources at a time.
Explanation of Report
The primary report table is the Folder Listing table. This maps the folder path to a listing of all the users who have access to that folder. Each user’s row consists of their name and a number matching the Authentication source for the user. This helps differentiate between multiple users named “Admin” from Active Directory, LDAP, or Cerberus sources. The display name of “Cerberus” are users defined natively in Cerberus FTP itself. The Active Directory Authentication Source display name of “AD Users (pacman.local)” is displayed next to the corresponding AD user name as seen below.
There is so much information in the Folder Access column for each user – we only show the user count for each virtual directory and display the specific users when clicking on the Users button in the Folder Access column. You may switch between seeing the user access count and a full user list for all users via the “Expand” and “Collapse” buttons on the report toolbar to expand or hide information for all users in a report table. We also give admins the ability to view a user’s combined permissions and how they accessed the folder by expanding the user row even further in the report and by clicking the “Permissions” button on the toolbar. Permissions mechanics are broken down further later on in this document.
The image above presents examples of expanded user permissions blocks. Permissions show all the ways a user can interact with a folder, and are represented here as a set of blocks – a filled in block being a granted permission and an empty space representing a denied permission. When a virtual folder was directly mapped to a user, as ‘duWop’ from above, there won’t be an “Inherited from” tag. If a user was granted access to a folder via groups, then the specific group will be listed such as from “LilJohnnyTables_CLONE”. Finally, if a user has both a group and a direct mapping to a folder, then a blank icon represents the direct mapping to a native user and in the case of an AD or LDAP user a “Directly Mapped” tag.
There is a new button to display a legend with the titles of the permission boxes, and mapping the shorthand letters to what rights a user has while accessing that folder. This has been added to all other usages of the folder permissions boxes including user and group management and user report.
Folder Permissions In Depth
The expanded folder permissions per user is a merge of all folder access permissions a user has from across all their virtual directories. The first diagram below shows the virtual folders of user “aba” and of specific note, is the “C:\ftproot\aaa” path available to the user through both an explicit mapping and multiple group mappings. Visible in the below screenshot of the User Manager virtual directories tab for the user, we see a variety of permissions granted to different folders off of the user’s primary directory.
In the second screenshot of the folder report, we are given the users who have access to the “C:\ftproot\aaa” folder, and user “aba” has one line representing it’s access instead of three from it’s different folders. However, the folder permissions are a merge of all the permissions available across the three folders. This lets an administrator know at a glance all the ways a user can interact with this folder. The “Inherited from” tag expands to list the two group mappings this user has this folder from, and an ‘empty’ icon representing the direct virtual directory mapping.
After a folder report has been created, an administrator might want to view this data in an Excel spreadsheet. To assist in this, there is also a “CSV Export” button which creates a report with this data.
The headers are: “Folders”, “User”, “Authentication Source”, “Permissions”, “Download”, “Upload”, “Rename”, “Delete”, “CreateDir”, “DisplayHidden”, “ListDir”, “ListFiles”, “Zip”, “Unzip”, “PubDownload”, “PubUpload”
Starting with the path name listed under “Folder”, we have the user name “User”, and the GUID relating to the authentication source referenced in user.xml and settings.xml files. Then a number corresponding to the permissions similar to the values in other csv exports, and finally an X/“ ” check for each of the permissions mapping to the boxes from the report itself. An Excel import can easily choose which comma delimited column to import or exclude at a later date.
These exciting new features are available now in Cerberus FTP Server version 12.3 and beyond. Improvements specific to Active Directory are applicable to the Professional edition and higher, while reporting enhancements are available in our Enterprise edition. We look forward to hearing how our customers use these features and how any additional improvements would help you with your file sharing needs. As always, we would love to hear your feedback.