SecurID^® Governance & Lifecycle 7.2 Enablement

MartinOlesen1 · ‎2020-03-13

Hi guys,

I am working on creating a Reviews with critical access.

My setup is that i have setup an entitelment collector, that are collecting all groups in application. It collect 300 entitelments, it contains ENT. ID, ENT description and ENT name. But in the DB there is also a table that markes if the entitelments is CRITICAL.

I would like if the collector differens on which entitelment are critical and which are not, so i can make a review of the critical ones and get it signed off by a manger.

So may question is.

- how do i make IG&l collector differens on which are critical

- how do I make a review to send out to the manager

Hope someone can help me out, ty.

CliveMorrish · ‎2020-03-20

Good to hear

Once the data is in IGL, the filtering should be straight forward.

On the contents tab of a user access review you can filter the app roles based on specific attributes. For example:

View solution in original post

CliveMorrish · ‎2020-03-13

Hi Martin,

Apologies if I'm over simplifying or not understanding this, but can you not extend the entitlement collector to also collect the critical flag?

Once that data is available within IGL, you'd be able to use the content filtering within the Review Definition to filter the results.

Thanks,

Clive

MartinOlesen1 · ‎2020-03-20

Hi Clive

Thank you for helping me out.

I dont know how to collected it? I know how to make the SQL statement, but i dont know what variable IG&L are using for it? Where can i find it after i have collected the entitlement?

Here are my collector statement

Thanks

Martin

CliveMorrish · ‎2020-03-20

You'll need to create a collected custom attribute for application roles so that the is_critical value can be collected.

Under Admin > Attributes > Application Role tab

Once created, you'll then see an additional box under the App Role Attribute on the screenshot you shared where you can add the is_critical value.

Obviously this should first be configured and tested in a non production environment as once attributes are created, they cannot be deleted.

MartinOlesen1 · ‎2020-03-20

Hi Clive

That was exactly what i was looking for, Thank you, mate.

Now i just need to figure out, how to make the review based on the critical roles in my review. 🙂

CliveMorrish · ‎2020-03-20

Good to hear

Once the data is in IGL, the filtering should be straight forward.

On the contents tab of a user access review you can filter the app roles based on specific attributes. For example:

IanStaines · ‎2020-03-20

Be aware that if you are on 7.1.1 and earlier versions there is a limitation where custom attributes created against CAS11 and higher are not visible in Reviews. You must ensure that you only use the original custom attributes CAS10 an lower if you intend on using the custom attribute in a Review. This limitation is removed in 7.2.0.

https://community.rsa.com/docs/DOC-110138

MartinOlesen1 · ‎2020-03-20

Hi Clive

Again spot on. Just what i needed.

Now i can the roles reviewed, perfect.

Thank you very much for your quick help, have a nice weekend

MartinOlesen1 · ‎2020-03-20

Ty, Ian

Fortunately, we have just upgraded to 7.2 🙂 , but good point.

CliveMorrish · ‎2020-03-20

Excellent - glad it worked

SecurID® Governance & Lifecycle 7.2 Enablement

Reviews with critical access.

SecurID^® Governance & Lifecycle 7.2 Enablement