Clarity

  • 1.  Rights "audit"

    Posted May 19, 2017 04:07 AM

    Hi guys,

     

    I must build portlet in which i charge information about rights. I want to have information who gave which right to people and when it happen ~ something similar to normal audit. I also have information about taking rights away. It is possible ? Which table i should use in my query ?

     

    Thanks for any info.



  • 2.  Re: Rights "audit"

    Posted May 19, 2017 04:30 AM

    The access rights model in CA PPM can be pretty complicated, so I'm not sure that there is a simple answer to your question. You are going to have to understand a lot of complicated relationships to get a "simple" answer

     

    There are many existing discussions on this "problem" though, have a read of those (and those that they reference) in order to understand the scope of the problem. Perhaps even you might find an exact answer to your requirements!

     

    For example ; start here ; Creating a series of Portlets to display security rights 



  • 3.  Re: Rights "audit"

    Posted May 19, 2017 05:44 AM

    Also explained here by Dave

     

    Is there any way to Audit the additon and deletion of access rights to resources?

    https://communities.ca.com/message/241731764  

     

     

    NJ



  • 4.  Re: Rights "audit"

    Posted May 19, 2017 05:44 AM

    Ouch - already responded by Dave

     

    NJ



  • 5.  Re: Rights "audit"

    Posted Jun 05, 2017 12:53 PM

    We use a different method for auditing our access. First access is only granted by submitting an Access Request From, that must be approved by a manager. Once submitted, it is processed and access to specific security groups is given and the from is archived. Monthly a job is run to grab each account and the access they have and an automated system has the resources manager review and attest to the access. If they fail to attest, or decide to remove groups, the tech team has a couple of days to remove the access. All of this is logged. Failure to remove access, or attest gets escalated.