Displaying rights for an individual user in the console

To view role assignments and Windows access rights for a user in the Access Manager console:

Open Access Manager.
Expand Zones and the parent zone or child zones until you see the zone that has the user of interest.
Right-click, then click Show Effective Windows User Rights.
Select a user to see information for the user in the selected zone or click Browse to select a specific computer in the zone if you only want to view user rights for a particular computer in the selected zone.
Click a tab to see the user’s role assignments, desktop rights, application rights, or network access rights.
- Role Assignments lists the user’s role assignments, including where the assignment was made. For example, the Object Assigned column indicates whether the assignment for a user is explicit (user@domain), from a group (group@domain), or inherited from another setting (All AD Accounts). The Start Time and End Time are only displayed for roles that have time constraints.
- Windows Desktops lists the user’s desktop rights granted by the roles to which the user is assigned. The tab identifies the account that can be used to open a new desktop or run an application, the zone where the desktop right is defined, and the role definition that includes the right.
- Windows Applications lists the user’s application rights granted by the roles to which the user is assigned. The tab identifies the specific application and the account that can be used to run the application, the zone where the application right is defined, and the role definition that includes the right.
- Network Access lists the user’s network access rights granted by the roles to which the user is assigned. The tab identifies the account that can be used to connect to services on a remote computer, the zone where the network access right is defined, and the role definition that includes the right.
Click Close when you are finished reviewing user rights in a zone or on particular computers.