SecurID^® Governance & Lifecycle Datareach

Yes

Overview

RSA G&L Data Reach is a simple, scalable solution for governing and provisioning into multiple databases, Windows & UNIX endpoints, AWS accounts without the need for individual RSA G&L configurations. This is middleware that extends the RSA Governance & Lifecycle (RSA G&L) platform with the ability to efficiently perform routine collections of administrative access, from many relational databases, Windows or UNIX (different flavors) endpoints. Any relational database technology is supported, provided there is a valid JDBC driver available for it. The solution also comes packaged with a matching provisioning connector, allowing for automatic assignment and revocation of access across the landscape. This connector requires only a single configuration that is applicable for the entire environment.

Collections

This section explains the data collection capabilities of RSA G&L Data Reach and the type of data collected from each of the endpoint types.

Databases

List of supported databases

Oracle
MS SQL
PostgreSQL
DB2
MongoDB
Sybase
Teradata
MySQL

These are available out of the box, however other JDBC compliant databases can be configured with RSA G&L Data Reach.

The table below list the data elements collected by RSA G&L Data Reach out of the box for each of the database types. Since Data Reach is build on extensible framework, this can be extended depending on the support by underlying database.

Database

Data Collected

Oracle

Accounts

Account Name
Last Login
Account Status
Profile

Resources

Table
Type

Resource Permissions

Table Name
Privilege

Resource Relationships

Table Name
Account
Privilege

Roles

Role Name

Role Relationships

Role Name
Account

MS SQL

Accounts

Account Name
Account Description
Creation Date
Account Disabled

Roles

Role Name
Role ID

Role Relationships

Role Name
Account

PostgreSQL

Accounts

Account Name
Is Super User

Roles

Role Name
Role ID

Role Relationships

Role Name
Account

DB2

Accounts

AccountID

Resource-Action

Table Name
Privilege

Resource-Relationships

Table Name
Privilege
Owner

Roles

Role Name

Role Relationships

Role Name
Account

MongoDB

Accounts

Account Name
DB Name

Sybase

Accounts

Account Name
AccountID

Teradata

Accounts

Account Name
Description
Creation Date

MySQL

Accounts

User Name
Password Last Changed
Account Locked

Roles

Role Name
Is Active

Role Relationships

Role Name
Account

Operating Systems

List of supported operating systems

Windows 2012 and higher
UNIX
AIX
Solaris

The table below list the data elements collected by RSA G&L Data Reach out of the box for each of the OS types. Since Data Reach is build on extensible framework, this can be extended depending on the support by underlying OS.

Operating System

Data Collected

Windows

Accounts

Account Name
Last Login
Account Status

Groups

Group Name

UNIX

Accounts

Account Name
Last Login
Password Status
Home Directory
Primary Group Id

Groups

Group Name
Group ID

AIX

Accounts

Account Name
Last Login
Last Updated
Maxage
Home Directory
Primary Group
Account Locked

Groups

Group Name
Group ID

Solaris

Accounts

Account Name
Last Login

Groups

Group Name

Cloud Providers

List of supported cloud providers

AWS

The table below list the data elements collected by RSA G&L Data Reach out of the box for each of the cloud providers. Since Data Reach uses direct API integration with these providers, these capabilities cannot be extended.

Cloud Provider

Data Collected

AWS

Accounts

All Local IAM Users
1. ARN
2. Path
3. User Name
4. User ID
5. Created Date
6. Password Last Used
All Account to Inline Policies
1. ARN
2. Policy Name
3. User ARN
4. User Name
5. User ID
All Account to Managed Policies
1. ARN
2. Policy Name
3. User ARN
4. User Name
5. User ID

Groups

All Local Groups
1. ARN
2. Path
3. Group Name
4. Group ID
5. Created Date
All Group Members
1. User ARN
2. User Name
3. User ID
4. Group ARN
5. Group Name
6. Group ID
All Group to Inline Policies
1. Policy ARN
2. Policy Name
3. Group ARN
4. Group Name
5. Group ID
All Group to Managed Policies
1. Policy ARN
2. Policy Name
3. Group ARN
4. Group Name
5. Group ID

Roles

All Roles
1. ARN
2. Path
3. Role Name
4. Role ID
5. Created Date
6. Role Last Used
7. Description
All Role to Inline Policies
1. Policy ARN
2. Policy Name
3. Role ARN
4. Role Name
5. Role ID
All Role to Managed Policies
1. Policy ARN
2. Policy Name
3. Role ARN
4. Role Name
5. Role ID
All Managed Policies
1. ARN
2. Path
3. Policy Name
4. Policy ID
5. Created Date
6. Updated Date
7. Description
8. Attachment Count
9. Is Attachable
10. Scope

Provisioning

The AFX connectors are available for the following endpoints and the current capabilities that are available.

Databases

	Oracle	MS SQL
Create Account	✔️	✔️
Add Account To Group
Remove Account From Group
Add Application Role To Account	✔️	✔️
Remove Application Role From Account	✔️	✔️
Enable Account	✔️	✔️
Disable Account	✔️	✔️
Delete Account	✔️	✔️

These are available out of the box, however other JDBC compliant databases can be configured with RSA G&L Data Reach.

Operating Systems

	Windows	UNIX	AIX
Create Account	✔️	✔️	✔️
Add Account To Group	✔️	✔️	✔️
Remove Account From Group	✔️	✔️	✔️

These are available out of the box, however other UNIX base operating systems that support SSH can be configured with RSA G&L Data Reach.

SecurID^® Governance & Lifecycle Datareach

Product Resources

Overview

Collections

Databases

Operating Systems

Cloud Providers

Provisioning

Databases

Operating Systems

On this page

SecurID® Governance & Lifecycle Datareach

Product Resources

Overview

Collections

Databases

Operating Systems

Cloud Providers

Provisioning

Databases

Operating Systems

On this page

SecurID^® Governance & Lifecycle Datareach