Why does vastool info acl output display different results on QAS 4.x systems than on 3.5 systems ?
The display is different between the version due to code changes in the product.
In QAS 3.5.2, in the AC processing code we added a one-level expansion of groups, and stored those in the AC list themselves. Lots of one-off work for the situation.
In 4.x there is true group unrolling ( processing ALL memberships, even nested/cross forest ). Since it uses the group unrolling, the extra groups into access_control is no longer needed.
Usage: vastool info {command}
acl [-f]
-f Force unrolling all Access Control groups
The acl option displays the access control options currently enforced on the host including whether these are imposed by QAS Group Policy (Native AD group policies) and lists rules by Allow or Deny and by user and group. If the -f flag is specified then all group rules will be unrolled. This can be slow.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center