Permission Info

Overview

Evidence: Permission Info
Description: ESXi Permission Info
Category: System
Platform: esxi
Short Name: perminfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Permission information defines user and group access rights to ESXi resources, VMs, datastores, and management functions. Permission assignments control what actions users can perform, and they are frequently targeted to escalate privileges or establish persistence.

Data Collected

This collector gathers structured data about permission info.

Permission Info Data

| Field | Description | Example |
| --- | --- | --- |
| Principal | Principal | Example value |
| IsGroup | Is Group | Example value |
| RoleName | Role Name | Example value |
| RoleDescription | Role Description | Example value |

Collection Method

This collector parses permission assignments, extracting user/group identifiers, assigned roles, permission levels, resource targets (VMs, hosts, datastores), inheritance settings, and effective permissions for each access control entry.

Forensic Value

Permission analysis reveals unauthorized privilege grants, identifies excessive permissions, detects role assignment anomalies, and traces access control modifications. Unexpected permission changes or overly broad grants indicate potential compromise or insider threat activity.
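One way to apply this analysis is to compare a known-good collection with a later one and flag entries that were added, removed, or moved to a different role. The following is an added example, not code from the product: the record layout (dicts keyed by the field names above), the sample values, the helper names, and treating "Admin" as the privileged role are all assumptions.

```python
# Field names (Principal, IsGroup, RoleName) follow the table above; the sample
# records, helper names and the privileged-role set are assumptions.
PRIVILEGED_ROLES = {"Admin"}  # assumption: roles treated as full access


def _index(records):
    """Map (principal, is_group) -> role name for each access control entry."""
    out = {}
    for r in records:
        is_group = str(r["IsGroup"]).strip().lower() in ("true", "1", "yes")
        out[(r["Principal"].strip(), is_group)] = r["RoleName"].strip()
    return out


def diff_permissions(baseline, current, privileged=PRIVILEGED_ROLES):
    """Return one finding per entry that differs between the two collections."""
    old, new = _index(baseline), _index(current)
    findings = []
    for key in sorted(set(old) | set(new)):
        before, after = old.get(key), new.get(key)
        if before == after:
            continue
        change = "added" if before is None else "removed" if after is None else "role_changed"
        findings.append({
            "principal": key[0], "is_group": key[1], "change": change,
            "before": before, "after": after,
            # Escalation: entry now holds a privileged role it did not hold before.
            "escalation": after in privileged and before not in privileged,
        })
    return findings


# Constructed sample data, not output from a real host.
BASELINE = [
    {"Principal": "root", "IsGroup": "false", "RoleName": "Admin"},
    {"Principal": "svc-backup", "IsGroup": "false", "RoleName": "ReadOnly"},
    {"Principal": "auditor", "IsGroup": "false", "RoleName": "ReadOnly"},
]
CURRENT = [
    {"Principal": "root", "IsGroup": "false", "RoleName": "Admin"},
    {"Principal": "svc-backup", "IsGroup": "false", "RoleName": "Admin"},
    {"Principal": "helpdesk-admins", "IsGroup": "true", "RoleName": "Admin"},
]

if __name__ == "__main__":
    for finding in diff_permissions(BASELINE, CURRENT):
        print(finding)
```

Findings with `escalation` set are the ones to review first; a removed entry for a monitoring or audit account is also worth checking against change records.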
