Frequently Asked Questions

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 7분

    • Frequently asked questions while using Access Analyzer.

    Evaluate Access

    The following are frequently asked questions while using the Evaluate Access feature of Access Analyzer:

    표 1. Frequently asked questions
    Questions Explanation
    How to read the evaluation results displayed by the Access Analyzer?

    Each row represents an individual access control list (ACL). The sequence (#) in the results represents the order in which ACLs are evaluated. Status shows whether overall access is granted (passed) or denied (blocked).
    How are ACLs evaluated?

    At a table level, ACLs are evaluated only for roles and security attributes. Conditions and scripts aren’t evaluated.

    Roles are evaluated first. If Roles are blocked, conditions and scripts are skipped. For more information, see Configure an ACL rule.
    What are the legends in Access Analyzer?

    When Analyzing the access and permissions, legends are displayed as part of the evaluation process. The following are the legends:

    • [Passed] Access granted
    • [Blocked] Access denied
    • [Skipped] Didn’t evaluate
    • [Undefined] No rule found
    What is the Alert icon in the Access results mean?

    Alert Icon in any status indicates the presence of a script in the ACL. Review highlighted ACLs to understand the final access. To know more about how these controls are evaluated and review the logic used to determine the access, see Access Analyzer Debug logs.
    What is IAccesshandler?

    An internal system check using hidden source code on the platform. It’s a system security check that you can’t modify. IAccessHandler can grant or deny access to a resource without evaluating ACLs.

    If this IAccessHandler is ignored, then the ACLs are evaluated. For example, an IAccessHandler implementation is used for access checks on application resources such as read-only access.
    What are data filters? Data filters are a form of access control designed to work along with the existing Access Control rules (ACLs) on your instance.
    What is an ACL rule? Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it.

    Time limited role assignments found for the user may impact results. You can review the time-limited roles assigned for the user here.

    Compare user records

    The following are frequently asked questions while using the Compare user record feature in Access Analyzer:

    표 2. Frequently asked questions
    Questions Explanation
    How to read the results on the Details tab? The Details tab displays the metadata associated with user 1 and user 2
    How to grant a role to a user? From the Roles tab, you can check the role that must be granted for the user and assign that role.
    How to add a user to a group? From the Groups tab, you can check the group the user must be added and add the user to the group.
    What is Show differences only? When you enable the Show differences only check box, only the roles or groups that are different between the user 1 and user 2 are shown.

    Compare user access

    The following are frequently asked questions while using the Compare user access feature in Access Analyzer:

    표 3. Frequently asked questions
    Questions Explanation
    How to read the results on the access control comparison page? The access control comparison page displays the evaluation states for different ACL operations.
    What are the different evaluation states?

    Evaluation states include:

    • Passed
    • Blocked
    What is Show differences only? When you enable the Show differences only check box, only the operation evaluation states that are different between the user 1 and user 2 are shown.
    How is the ACL operation evaluated?

    Rules for access control lists (ACLs) restrict access to specific data by requiring users to pass a set of requirements before they can interact with it. Within an ACL, the following hierarchy is evaluated:

    • Role
    • Security Attribute
    • Condition
    • Script
    How to read the results shown on the Role Hierarchy page? The Role Hierarchy page displays roles that are assigned to user 1 and user 2. If a user needs access to a certain operation, you can determine the necessary role and group assignments.
    How can I see the details of the user? You can select the User (node) > More actions > View user details to know more about the user.
    How can I see the details of the role? You can select the Role (node) > More actions > View role details to know more about the role.
    How can I see the details of the resources the role can access? You can select the Role (node) > More actions > View all resources that the role has access to know the resources the role can access.
    How can I see the details of the group? You can select the Group (node) > More actions > View group details to know more about the group.