Auditing user privileges in the Risk Fabric console

Article ID: 223644

Products

Information Centric Analytics

Issue/Introduction

Privileges in the Risk Fabric console are either assigned directly to portal user accounts or are inherited through portal roles. Portal users can be assigned portal roles or can inherit roles through membership in portal groups. Portal groups can include discrete portal users, Active Directory groups, or a mix of both. Privileges are never assigned directly to portal groups; instead, portal groups inherit privileges through portal role assignments.

By default, users do not have privileges to view any incidents or events in ICA. These privileges must be either explicitly assigned to a portal user or inherited by a portal user through his or her role assignments (which can be inherited through group membership). For more information about privileges and privilege scoping, refer to the Privileges Configuration section of the Symantec ICA Administrator Guide.
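The inheritance model described above, worked through as an added Python example that resolves a user's effective privileges and records every path that grants each one. This is not the PortalUserAudit.sql script or any Symantec code; all user, group, role and privilege names and the data layout are constructed and do not reflect the RiskFabric database schema.

```python
from collections import defaultdict

# Constructed sample data; every name here is hypothetical.
DIRECT_PRIVS = {"jdoe": {"View Events"}}
USER_ROLES = {"jdoe": {"Analyst"}}
USER_AD_GROUPS = {"jdoe": {"CORP\\SOC-Tier2"}, "asmith": set()}
# Portal groups hold discrete portal users, AD groups, or both.
PORTAL_GROUPS = {
    "Investigators": {"users": {"mlee"}, "ad_groups": {"CORP\\SOC-Tier2"}},
    "Auditors": {"users": {"jdoe"}, "ad_groups": set()},
}
# Groups never carry privileges directly, only role assignments.
GROUP_ROLES = {"Investigators": {"Incident Reviewer"}, "Auditors": {"Analyst"}}
ROLE_PRIVS = {
    "Analyst": {"View Events", "View Incidents"},
    "Incident Reviewer": {"View Incidents", "Edit Incidents"},
}

def groups_for(user):
    """Portal groups the user belongs to, directly or through an AD group."""
    ad = USER_AD_GROUPS.get(user, set())
    return {g for g, m in PORTAL_GROUPS.items()
            if user in m["users"] or ad & m["ad_groups"]}

def effective_privileges(user):
    """Map each privilege to the sorted list of paths that grant it."""
    paths = defaultdict(set)
    for priv in DIRECT_PRIVS.get(user, set()):
        paths[priv].add("direct")
    for role in USER_ROLES.get(user, set()):
        for priv in ROLE_PRIVS.get(role, set()):
            paths[priv].add(f"role:{role}")
    for group in groups_for(user):
        for role in GROUP_ROLES.get(group, set()):
            for priv in ROLE_PRIVS.get(role, set()):
                paths[priv].add(f"group:{group}>role:{role}")
    return {p: sorted(s) for p, s in sorted(paths.items())}

if __name__ == "__main__":
    for user in ("jdoe", "asmith"):
        print(user, effective_privileges(user) or "no privileges (default)")
```

A privilege with more than one path stays in effect until every path is removed, which is why an audit should list the paths and not only the privilege names.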

Environment

Release: 6.x

Component: Portal Privileges

Resolution

The attached script [PortalUserAudit.sql] will return a list of a portal user's assigned and inherited privileges along with a list of their associated portal groups and portal role assignments. To use this script, follow this procedure:

  1. Download PortalUserAudit.sql from this article
  2. Open SQL Server Management Studio (SSMS)
  3. Connect to the Database Engine hosting the RiskFabric relational database
  4. From the File menu, select Open > File...
    The Open File window opens
  5. In the Open File window, navigate to the location to which you saved the script file
  6. Select the script file and click the Open button
  7. If prompted to connect to a database engine, select the server name and instance hosting the RiskFabric relational database and click the Connect button
  8. In the new query editor window containing the script, confirm the database name on line 1 matches the database name used for ICA in your environment, and change it if necessary
  9. Edit line 4 to pass the AD account name of the user for whom the script should return output
  10. Execute the script by pressing the F5 key, clicking the Execute button in the SQL Editor toolbar, or selecting Execute from the Query menu

Attachments

PortalUserAudit.sql