This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Datareach

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Versions
All Downloads

Product Resources

Overview

RSA IGL Data Reach is a simple, scalable solution for governing and provisioning into multiple databases, Windows & UNIX endpoints, AWS accounts without the need for individual RSA IGL configurations. This is middleware that extends the RSA Identity Governance & Lifecycle (RSA IGL) platform with the ability to efficiently perform routine collections of administrative access, from many relational databases, Windows or UNIX (different flavors) endpoints. Any relational database technology is supported, provided there is a valid JDBC driver available for it. The solution also comes packaged with a matching provisioning connector- allowing for automatic assignment and revocation of access across the landscape. This connector requires only a single configuration that is applicable for the entire environment. 

 

Collections

This section explains the data collection capabilities of RSA IGL Data Reach and the type of data collected from each of the endpoint types.

 

Databases

List of supported databases 

  • Oracle
  • MS SQL
  • PostgreSQL
  • DB2
  • MongoDB
  • Sybase
  • Teradata
  • MySQL
 
These are available out of box, however other JDBC compliant databases can be configured with RSA IGL Data Reach.

 

The table below list the data elements collected by RSA IGL Data Reach out of the box for each of the database types. Since Data Reach is build on extensible framework, this can be extended depending on the support by underlying database.

 

 Database  Data Collected
Oracle

Accounts

  1. Account Name
  2. Last Login
  3. Account Status
  4. Profile

Resources

  1. Table
  2. Type

Resource Permissions

  1. Table Name
  2. Privilege

Resource Relationships

  1. Table Name
  2. Account
  3. Privilege

Roles

Role Name

Role Relationships

  1. Role Name
  2. Account
MS SQL

Accounts

  1. Account Name
  2. Account Description
  3. Creation Date
  4. Account Disabled

Roles

  1. Role Name
  2. Role ID

Role Relationships

  1. Role Name
  2. Account
PostgreSQL

Accounts

  1. Account Name
  2. Is Super User

Roles

  1. Role Name
  2. Role ID

Role Relationships

  1. Role Name
  2. Account
DB2

Accounts

  1. AccountID

Resource-Action

  1. Table Name
  2. Privilege

Resource-Relationships

  1. Table Name
  2. Privilege
  3. Owner

Roles

  1. Role Name

Role Relationships

  1. Role Name
  2. Account
MongoDB

Accounts

  1. Account Name
  2. DB Name
Sybase

Accounts

  1. Account Name
  2. AccountID
Teradata

Accounts

  1. Account Name
  2. Description
  3. Creation Date
MySQL

Accounts

  1. User Name
  2. Password Last Changed
  3. Account Locked

Roles

  1. Role Name
  2. Is Active

Role Relationships

  1. Role Name
  2. Account

 

Operating Systems

List of supported operating systems

  • Windows 2012 and higher
  • UNIX
  • AIX
  • Solaris

The table below list the data elements collected by RSA IGL Data Reach out of the box for each of the OS types. Since Data Reach is build on extensible framework, this can be extended depending on the support by underlying OS.

 

 Operating System  Data Collected
Windows

Accounts

  1. Account Name
  2. Last Login
  3. Account Status

Groups

Group Name
UNIX

Accounts

  1. Account Name
  2. Last Login
  3. Password Status
  4. Home Directory
  5. Primary Group Id

Groups

  1. Group Name
  2. Group ID
AIX

Accounts

  1. Account Name
  2. Last Login
  3. Last Updated
  4. Maxage
  5. Home Directory
  6. Primary Group
  7. Account Locked

Groups

  1. Group Name
  2. Group ID
Solaris

Accounts

  1. Account Name
  2. Last Login

Groups

Group Name

 

Cloud Providers

List of supported cloud providers

  • AWS

The table below list the data elements collected by RSA IGL Data Reach out of the box for each of the cloud providers. Since Data Reach uses direct API integration with these providers, these capabilities cannot be extended.

 

 Cloud Provider  Data Collected
AWS

Accounts

  1. All Local IAM Users
    1. ARN
    2. Path
    3. User Name
    4. User ID
    5. Created Date
    6. Password Last Used
  2. All Account to Inline Policies
    1. ARN
    2. Policy Name
    3. User ARN
    4. User Name
    5. User ID
  3. All Account to Managed Policies
    1. ARN
    2. Policy Name
    3. User ARN
    4. User Name
    5. User ID

Groups

  1. All Local Groups
    1. ARN
    2. Path
    3. Group Name
    4. Group ID
    5. Created Date
  2. All Group Members
    1. User ARN
    2. User Name
    3. User ID
    4. Group ARN
    5. Group Name
    6. Group ID
  3. All Group to Inline Policies
    1. Policy ARN
    2. Policy Name
    3. Group ARN
    4. Group Name
    5. Group ID
  4. All Group to Managed Policies
    1. Policy ARN
    2. Policy Name
    3. Group ARN
    4. Group Name
    5. Group ID

Roles

  1. All Roles
    1. ARN
    2. Path
    3. Role Name
    4. Role ID
    5. Created Date
    6. Role Last Used
    7. Description
  2. All Role to Inline Policies
    1. Policy ARN
    2. Policy Name
    3. Role ARN
    4. Role Name
    5. Role ID
  3. All Role to Managed Policies
    1. Policy ARN
    2. Policy Name
    3. Role ARN
    4. Role Name
    5. Role ID
  4. All Managed Policies
    1. ARN
    2. Path
    3. Policy Name
    4. Policy ID
    5. Created Date
    6. Updated Date
    7. Description
    8. Attachment Count
    9. Is Attachable
    10. Scope

 

Provisioning

The AFX connectors are available for the below mentioned endpoints and the current capabilities that are available

 

Databases

  Oracle MS SQL
Create Account ✔️ ✔️
Add Account To Group    
Remove Account From Group    
Add Application Role To Account ✔️ ✔️
Remove Application Role From Account ✔️ ✔️
Enable Account ✔️ ✔️
Disable Account ✔️ ✔️
Delete Account ✔️ ✔️

 

 
These are available out of box, however other JDBC compliant databases can be configured with RSA IGL Data Reach.

 

Operating Systems

  Windows UNIX AIX
Create Account ✔️ ✔️ ✔️
Add Account To Group ✔️ ✔️ ✔️
Remove Account From Group ✔️ ✔️ ✔️

 

 
These are available out of box, however other UNIX base operating systems that support SSH can be configured with RSA IGL Data Reach.

 

0 Likes
Was this article helpful? Yes No
No ratings

On this page

© 2023 RSA Security LLC or its affiliates. All rights reserved.