Troubleshooting Permissions

Because of the flexibility of being able to assign permissions at any point in the folder structure, it can sometimes be difficult to understand why one user has permissions to an object while another user doesn't have the same permissions to the object.

Venafi Platform provides the ability to view and compare permissions between users for a given object, allowing you to see where in the folder structure one user is given permissions to an object where another user might not be. This feature is called "Troubleshoot Permissions." This feature is available to master administrators, as well as users with the manage permissions right.

NOTE Remember, your ability to search user accounts is limited to the accounts in your own identity provider (also called a directory ).

To troubleshoot permissions

Open the object details page, and click Permissions in the sidebar.
In the Cumulative Permissions section, click Troubleshoot Permissions.
Enter the identity (or identities) you want to review or compare.

For each identity, you see the effective permissions granted to that identity at any level of the folder structure. If an identity has permissions granted in multiple places in the folder structure, you see the individual entries, followed by a summary of all permissions they have to the object. If you have the manage permissions privilege for an object or identity, you can click its name to see permissions information.

You cannot edit the permissions in this view. This view simply shows you where in the folder structure permissions have been added or removed.

NOTE You can also view permissions for policy objects by clicking Configuration in the TLS Protect menu bar, and then clicking Folders. Locate the policy folder you want to edit, and open it, and then click Permissions.