azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d0b98f769ea97f103e85d48e3fa3fa42e45f577d
claudetools/clients/cascades-tucson/docs/migration/synology-permission-inventory.md
Howard Enos af4ad0aea3 cascades: CS-SERVER preflight verified + Synology discovery complete 
CS-SERVER post-reboot verification: time sync, TLS 1.2 enforcement, and
Windows Server Backup feature all persisted cleanly. dcdiag clean. Ready
for Entra Connect install.

Synology cascadesDS permission inventory captured via DSM API (SSH
disabled by default on Synology). 35 users, 4 groups, 10 shares.
Analysis identifies 7 shared-account role logins (HIPAA violation),
8 departed-employee accounts to clean up, and 4 shares needing
Meredith-side confirmation before migration (pacs most sensitive).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 18:59:38 -07:00

15 KiB
Raw Blame History

Synology cascadesDS — Permission Inventory (2026-04-22 via DSM API)

Source: docs/migration/synology-permission-inventory-raw.md Method: DSM HTTP API v7 via CS-SERVER GuruRMM agent (SSH not enabled on Synology as of 2026-04-22)

Summary counts

  • Synology local users: 35
  • Synology local groups: 4
  • Shares: 10

Users

Name UID Expired Email Description Groups
Accounting - no -
admin - no System default user -
Amber M Lee - no -
Ann Dery - no -
Anna Pitzlin - no anna.pitzlin@cascadestucson.com -
Ashley Jensen - no ashley.jensen@cascadestucson.com -
Britney Thompson - no Britney.Thompson@cascadestucson.com -
CasAdmin201 - no -
ChristinaDupras - no -
Crystal Rodriguez - no Crystal.rodriguez@cascadestucson.com -
Crystal Suszek - no crystal.suszek@cascadestucson.com -
Dining Manager - no -
Front Desk - no -
guest - yes Guest -
guru - no -
Haris Durut - no haris.durut@cascadestucson.com -
JD Martin - no jd.martin@cascadestucson.com -
John Trozzi - no -
Karen Rossini - no karen.rossini@cascadestucson.com -
Lois Lane - no -
Lupe Sanchez - no -
mcnurse - no -
Megan Hiatt - no -
Memcare Receptionist - no memcarereceptionist@cascadestucson.com -
memcarenurse - no memcarenurse@cascadestucson.com -
meredith kuhn - no meredith.kuhn@cascadestucson.com -
Monica RamirezRossette - no accounting@cascadestucson.com -
Nela Durut-Azizi - yes nela.durut-azizi@cascadestucson.com -
Nurse Tower - no -
Shelby Trozzi - no shelby.trozzi@cascadestucson.com -
Stephanie Devin - no Stephanie.devin@cascadestucson.com Accounting Assist -
Susan Hicks - no -
Tamra Johnson - no tamra.johnson@cascadestucson.com -
Veronica - no -
VPNClient - no -

Groups

Name GID Type Description Members
administrators - - (unable to enumerate via API — error 3201)
http - - (unable to enumerate via API — error 3201)
MainOffice - - (unable to enumerate via API — error 3201)
users - - (unable to enumerate via API — error 3201)

Note: DSM API SYNO.Core.Group.Member returned error 3201 for all groups with this API path; membership was only partially available via the members additional field on the group list call. Full membership requires DSM web UI or CLI synogroup --get <name> via SSH.

Shares

Share Volume Path Hidden Description
Activities /volume1 False
chat /volume1 False
homes /volume1 False
Management /volume1 False
pacs /volume1 False
Public /volume1 False
SalesDept /volume1 False
Sandra Fish /volume1 False
Server /volume1 False
web /volume1 False

Effective share permissions

"Admin(full)" means the account inherits full control via administrators-group membership. "RW" means explicitly writable. "DENY" means explicitly denied (wins over everything else in Synology ACL order). Blank / absent means no explicit permission (effectively no access beyond what the users group grants).

Share: Activities

Groups:

Group Effective
MainOffice DENY
administrators Admin(full)
http -
users RW

Users with explicit permission:

User Effective Status
Accounting DENY ROLE (HIPAA concern)
admin RW service/admin
Ann Dery DENY DEPARTED
Anna Pitzlin DENY DEPARTED
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
ChristinaDupras DENY current
Crystal Rodriguez DENY current
Crystal Suszek DENY current
Dining Manager DENY ROLE (HIPAA concern)
Front Desk DENY ROLE (HIPAA concern)
guest DENY service/admin
guru RW service/admin
Haris Durut DENY DEPARTED
JD Martin DENY current
John Trozzi DENY current
Karen Rossini DENY current
Lois Lane DENY current
Lupe Sanchez DENY current
mcnurse DENY ROLE (HIPAA concern)
Megan Hiatt DENY current
Memcare Receptionist DENY ROLE (HIPAA concern)
memcarenurse DENY ROLE (HIPAA concern)
meredith kuhn DENY current
Nela Durut-Azizi DENY DEPARTED
Nurse Tower DENY ROLE (HIPAA concern)
Shelby Trozzi DENY current
Stephanie Devin RW current
Susan Hicks DENY current
Tamra Johnson DENY DEPARTED
Veronica RW current
VPNClient DENY service/admin

Share: Management

Groups:

Group Effective
MainOffice -
administrators RW
http -
users -

Users with explicit permission:

User Effective Status
Accounting RW ROLE (HIPAA concern)
admin RW service/admin
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
Crystal Rodriguez RW current
Crystal Suszek RW current
guru RW service/admin
Lois Lane DENY current
Megan Hiatt RW current
meredith kuhn RW current
Shelby Trozzi RW current
Stephanie Devin RW current
Tamra Johnson RW DEPARTED
Veronica RW current

Share: Public

Groups:

Group Effective
MainOffice DENY
administrators RW
http -
users RW

Users with explicit permission:

User Effective Status
Accounting RW ROLE (HIPAA concern)
admin RW service/admin
Amber M Lee RW DEPARTED
Ann Dery RW DEPARTED
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
ChristinaDupras RW current
guru RW service/admin
JD Martin RW current
Karen Rossini DENY current
meredith kuhn Admin(full) current
Shelby Trozzi Admin(full) current
Stephanie Devin RW current
Veronica RW current

Share: SalesDept

Groups:

Group Effective
MainOffice DENY
administrators Admin(full)
http -
users RW

Users with explicit permission:

User Effective Status
admin RW service/admin
Ann Dery DENY DEPARTED
Anna Pitzlin DENY DEPARTED
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
ChristinaDupras DENY current
Dining Manager DENY ROLE (HIPAA concern)
Front Desk DENY ROLE (HIPAA concern)
guru RW service/admin
Haris Durut DENY DEPARTED
JD Martin DENY current
John Trozzi DENY current
Karen Rossini DENY current
Lois Lane DENY current
Lupe Sanchez DENY current
mcnurse DENY ROLE (HIPAA concern)
Megan Hiatt RW current
Memcare Receptionist DENY ROLE (HIPAA concern)
memcarenurse DENY ROLE (HIPAA concern)
meredith kuhn Admin(full) current
Nela Durut-Azizi DENY DEPARTED
Nurse Tower DENY ROLE (HIPAA concern)
Shelby Trozzi Admin(full) current
Veronica RW current

Share: Sandra Fish

Groups:

Group Effective
MainOffice DENY
administrators Admin(full)
http -
users -

Users with explicit permission:

User Effective Status
Accounting DENY ROLE (HIPAA concern)
admin RW service/admin
Ann Dery DENY DEPARTED
Anna Pitzlin DENY DEPARTED
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
ChristinaDupras DENY current
Crystal Rodriguez DENY current
Crystal Suszek DENY current
Dining Manager DENY ROLE (HIPAA concern)
Front Desk DENY ROLE (HIPAA concern)
guest DENY service/admin
guru RW service/admin
Haris Durut DENY DEPARTED
JD Martin DENY current
John Trozzi DENY current
Karen Rossini DENY current
Lois Lane DENY current
Lupe Sanchez DENY current
mcnurse DENY ROLE (HIPAA concern)
Memcare Receptionist DENY ROLE (HIPAA concern)
memcarenurse DENY ROLE (HIPAA concern)
meredith kuhn DENY current
Nela Durut-Azizi DENY DEPARTED
Nurse Tower DENY ROLE (HIPAA concern)
Shelby Trozzi DENY current
Susan Hicks DENY current
Tamra Johnson DENY DEPARTED
Veronica RW current
VPNClient DENY service/admin

Share: Server

Groups:

Group Effective
MainOffice RW
administrators RW
http -
users -

Users with explicit permission:

User Effective Status
Accounting DENY ROLE (HIPAA concern)
admin RW service/admin
Anna Pitzlin DENY DEPARTED
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
ChristinaDupras RW current
Crystal Rodriguez DENY current
Crystal Suszek DENY current
Dining Manager DENY ROLE (HIPAA concern)
Front Desk DENY ROLE (HIPAA concern)
guru RW service/admin
Haris Durut DENY DEPARTED
JD Martin DENY current
John Trozzi DENY current
Karen Rossini DENY current
Lois Lane DENY current
Lupe Sanchez DENY current
Memcare Receptionist DENY ROLE (HIPAA concern)
meredith kuhn Admin(full) current
Nela Durut-Azizi DENY DEPARTED
Nurse Tower DENY ROLE (HIPAA concern)
Shelby Trozzi Admin(full) current
Tamra Johnson DENY DEPARTED
Veronica RW current

Share: chat

Groups:

Group Effective
MainOffice DENY
administrators RW
http -
users -

Users with explicit permission:

User Effective Status
Accounting DENY ROLE (HIPAA concern)
admin RW service/admin
Anna Pitzlin DENY DEPARTED
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
ChristinaDupras DENY current
Crystal Rodriguez DENY current
Crystal Suszek DENY current
Dining Manager DENY ROLE (HIPAA concern)
guru RW service/admin
Haris Durut DENY DEPARTED
JD Martin DENY current
John Trozzi DENY current
Karen Rossini DENY current
Lois Lane DENY current
Lupe Sanchez DENY current
mcnurse DENY ROLE (HIPAA concern)
Memcare Receptionist DENY ROLE (HIPAA concern)
memcarenurse DENY ROLE (HIPAA concern)
meredith kuhn Admin(full) current
Nela Durut-Azizi DENY DEPARTED
Nurse Tower DENY ROLE (HIPAA concern)
Shelby Trozzi Admin(full) current
Tamra Johnson DENY DEPARTED
Veronica RW current

Share: homes

Groups:

Group Effective
MainOffice RW
administrators RW
http -
users -

Users with explicit permission:

User Effective Status
admin RW service/admin
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
Front Desk DENY ROLE (HIPAA concern)
guru RW service/admin
Karen Rossini RW current
Lois Lane DENY current
meredith kuhn Admin(full) current
Nurse Tower DENY ROLE (HIPAA concern)
Shelby Trozzi Admin(full) current
Stephanie Devin RW current
Veronica RW current

Share: pacs

Groups:

Group Effective
MainOffice DENY
administrators RW
http -
users -

Users with explicit permission:

User Effective Status
Accounting DENY ROLE (HIPAA concern)
admin RW service/admin
Ann Dery DENY DEPARTED
Anna Pitzlin DENY DEPARTED
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
ChristinaDupras DENY current
Crystal Rodriguez DENY current
Crystal Suszek DENY current
Dining Manager DENY ROLE (HIPAA concern)
Front Desk DENY ROLE (HIPAA concern)
guest DENY service/admin
guru RW service/admin
Haris Durut DENY DEPARTED
JD Martin DENY current
John Trozzi DENY current
Karen Rossini DENY current
Lois Lane DENY current
Lupe Sanchez DENY current
mcnurse DENY ROLE (HIPAA concern)
Megan Hiatt DENY current
Memcare Receptionist DENY ROLE (HIPAA concern)
memcarenurse DENY ROLE (HIPAA concern)
meredith kuhn DENY current
Nela Durut-Azizi DENY DEPARTED
Nurse Tower DENY ROLE (HIPAA concern)
Shelby Trozzi DENY current
Susan Hicks DENY current
Tamra Johnson DENY DEPARTED
Veronica RW current
VPNClient DENY service/admin

Share: web

Groups:

Group Effective
MainOffice DENY
administrators Admin(full)
http -
users -

Users with explicit permission:

User Effective Status
Accounting DENY ROLE (HIPAA concern)
admin RW service/admin
Ann Dery DENY DEPARTED
Anna Pitzlin DENY DEPARTED
Ashley Jensen RW current
Britney Thompson RW DEPARTED
CasAdmin201 RW current
ChristinaDupras DENY current
Crystal Rodriguez DENY current
Crystal Suszek DENY current
Dining Manager DENY ROLE (HIPAA concern)
Front Desk DENY ROLE (HIPAA concern)
guest DENY service/admin
guru RW service/admin
Haris Durut DENY DEPARTED
JD Martin DENY current
John Trozzi DENY current
Karen Rossini DENY current
Lois Lane DENY current
Lupe Sanchez DENY current
mcnurse DENY ROLE (HIPAA concern)
Megan Hiatt DENY current
Memcare Receptionist DENY ROLE (HIPAA concern)
memcarenurse DENY ROLE (HIPAA concern)
meredith kuhn DENY current
Monica RamirezRossette RW DEPARTED
Nela Durut-Azizi DENY DEPARTED
Nurse Tower DENY ROLE (HIPAA concern)
Shelby Trozzi DENY current
Susan Hicks DENY current
Tamra Johnson DENY DEPARTED
Veronica RW current
VPNClient DENY service/admin
Reference in New Issue View Git Blame Copy Permalink