EffectiveUserPrivileges_Computer View

The EffectiveUserPrivileges_Computer view lists consolidated role assignments, logon privileges, and system rights’ privileges for each user and computer.

Column Name

Description

Refers to

ADComputer_CanonicalName

The canonical name of the computer

 

ADComputer_CnName

The Active Directory computer’s common name.

 

ADComputer_DnsHostName

The DNS host name of the computer

 

ADComputer_ObjectName

The object name of the computer, in the format of <computer CN>.<computer domain>.

 

ADUser_CanonicalName

The canonical name of the assigned Active Directory user. It will be null when trustee type = 7

 

ADUser_FullName

The full name of the assigned Active Directory user. It will be null when trustee type = 7

 

ADUser_GUID

The GUID of the assigned Active Directory user. It will be null when trustee type = 7

ADUsers.ADUser_GUID

ADUser_Name

The name of the assigned Active Directory user. It will be null when trustee type = 7

 

ADUser_ObjectName

The display name for the Active Directory user, formatted as <user samAccountName>@<domain name>.

 

ADUser_SamAccountName

The samAccount name of the assigned Active Directory user. It will be null when trustee type = 7

 

ADUser_Upn

The upn name of the assigned Active Directory user. It will be null when trustee type = 7

 

Assigned_Location

The name of the source assignment location. It might be the zone name, computer dns host name or Computer Role name, depends on the location type

 

Assigned_LocationType

The type of the source assignment location

1 – Zone

2 – Computer

3 – Computer Role

 

Assigned_LocationTypeDesc

The display value of the source assignment location

Zone

Computer

Computer Role

 

Effective_AllowConsoleLogon

If this user has ‘console logon’ right on this computer

0 – No, 1 – Yes, Null – N/A

 

Effective_AllowLogon

If this user can logon this computer

 

Effective_AllowNonPasswordLogon

If this user has ‘non password logon’ right on this computer

0 – No, 1 – Yes, Null – N/A

 

Effective_AllowNonRestrictedShell

If this user has ‘non restricted Shell’ right on this computer

0 – No, 1 – Yes, Null – N/A

 

Effective_AllowPasswordLogon

If this user has ‘password logon’ right on this computer

0 – No, 1 – Yes, Null – N/A

 

Effective_AllowPsRemoteAccess

If this user has the 'PowerShell Remote Access' right on this computer

0 - No; 1 - Yes; Null - N/A

 

Effective_AllowRemoteLogon

If this user has ‘remote logon’ right on this computer

0 – No, 1 – Yes, Null – N/A

 

Effective_AuditLevel

The human readable text of the effective audit level for this user on this computer

0 – Audit not required, 1 –Audit if possible, 2 – Audit required

 

Effective_CloudAuthorizationRequired

If this user has ‘Cloud authorization required’ right on this computer

0 – No, 1 – Yes, Null – N/A

 

Effective_HasRescueRight

If this role grants ‘rescue’ right to this user on this computer

0 – No, 1 – Yes

 

Effective_HasVisibleRight

Specifies if the user is visible on this computer

 

Effective_IgnoreDisabled

If this user has ‘ignore disabled’ right on this computer

0 – No, 1 – Yes, Null – N/A

 

EffectiveZone_Id

The ID of the effective zone for the privilege assignment

Zones.Zone_Id

Zones_Hierarchical.Zone_Id

EffectiveZone_Name

The name of the effective zone for the privilege assignment

 

Grants_AuditLevel

If this role grants the effective Audit level

0 – Audit not required, 1 – Audit if possible, 2 – Audit required

Given the Effective AuditLevel is 0

If this roles’s AuditLevel equals to the Effective Audit Level, then this column is 1 – Yes, Otherwise, 0 -- No

 

Grants_CloudAuthorizationRequired

If this role grants ‘Cloud authorization required’ right to this user on this computer

0 – No, 1 – Yes, Null – N/A

 

Grants_ConsoleLogon

If this role grants ‘console logon’ right to this user on this computer

0 – No, 1 – Yes, Null – N/A

 

Grants_HasVisibleRight

Specifies if the role grants the visible right to this user on this computer.

 

Grants_IgnoreDisabled

If this role grants ‘ignore disabled’ right to this user on this computer

0 – No, 1 – Yes, Null – N/A

 

Grants_Logon

If this role grants logon

 

Grants_NonPasswordLogon

If this role grants ‘non password logon’ right to this user on this computer

0 – No, 1 – Yes, Null – N/A

 

Grants_NonRestrictedShell

If this role grants ‘non restricted Shell’ right to this user on this computer

0 – No, 1 – Yes, Null – N/A

 

Grants_PasswordLogon

If this role grants ‘password logon’ right to this user on this computer

0 – No, 1 – Yes, Null – N/A

 

Grants_PsRemoteAcccess

If this role grants the 'PowerShell Remote Access' right to this user on this computer

0 - No; 1 - Yes; Null - N/A

 

Grants_RemoteLogon

If this role grants ‘remote logon’ right to this user on this computer

0 – No, 1 – Yes, Null – N/A

 

Grants_RescueRight

If this user has ‘rescue’ right on this computer

0 – No, 1 – Yes

 

Right_FullName

The full name of the right. Format in

<Right name> / <Right’s zone name>

 

Right_GUID

The GUID of the right

Rights.Right_GUID

Right_Name

The name of the right

 

Right_Platform

Whether the right applies to windows, unix or both.

 

Right_Platform_Desc

The display value of the right platform

 

Right_Type

The ID of the right type

RightType.RightTypeId

Right_Type_Desc

The display value of the right type (see RightTypes view)

 

Role_FullName

The full name of the role. Format in

<Role name> / <Role’s zone name>

 

Role_GUID

The GUID of the role

Roles.Role_Id

Role_Name

The name of the role

 

RoleAssignment_GUID

The object GUID of the role assignment

RoleAssignments.RoleAssignment_GUID

Trustee_Id

The GUID of the trustee

Trustee_Type = 1: ADUsers.ADUser_GUID

Trustee_Type = 2:

ADGroups.ADGroup_GDUI

Trustee_Name

The name of the trustee

 

Trustee_Type

The type of the trustee

1 – Active Directory users

2 – Active Directory groups

7 – All Active Directory users

 

Trustee_Type_Desc

The display value of the trustee

Active Directory users

Active Directory groups

All Active Directory users

 

ZoneComputer_Id

The zone computer ID

ZoneComputer.ZoneComputer_Id