# Permission Info

## Overview

**Evidence:** Permission Info\
**Description:** ESXi Permission Info\
**Category:** System\
**Platform:** esxi\
**Short Name:** perminfo\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Permission information defines user and group access rights to ESXi resources, VMs, datastores, and management functions. Permission assignments control what actions users can perform and are frequently targeted for privilege escalation attacks or persistence establishment.

## Data Collected

This collector gathers structured data about permission info.

### Permission Info Data

| Field             | Description      | Example       |
| ----------------- | ---------------- | ------------- |
| `Principal`       | Principal        | Example value |
| `IsGroup`         | Is Group         | Example value |
| `RoleName`        | Role Name        | Example value |
| `RoleDescription` | Role Description | Example value |

## Collection Method

This collector parses permission assignments, extracting user/group identifiers, assigned roles, permission levels, resource targets (VMs, hosts, datastores), inheritance settings, and effective permissions for each access control entry.

## Forensic Value

Permission analysis reveals unauthorized privilege grants, identifies excessive permissions, detects role assignment anomalies, and traces access control modifications. Unexpected permission changes or overly broad grants indicate potential compromise or insider threat activity.