AnsweredAssumed Answered

Creating a User Access Review to Mimic User Access Page

Question asked by Sasha Browning on Sep 28, 2016
Latest reply on Sep 29, 2016 by Sasha Browning
  • Comment1

Is it possible to create a User Access Review in such a way that it mimics the user experience on the Home > Users > Access tab?  I am referring to the ability to remove access granted directly (an account, a group, etc) and simply view all other access (granted indirectly - for instance via group nesting or role membership)

 

User Access Page:

 

I've been fiddling with the reviews, so far I have the following:

  1. User access review
    • Contents: Groups, entitlements (ent), etc., that are granted directly
    • Issues:
      • Accounts are not shown
      • Any access granted indirectly (all access) is not available
      • Displaying Entitlement Path variable is not an available option (which would be nice), but this would require the ability to display all (indirect) access.
  2. Account review
    • Contents:
      • Top Level: Account
      • Next Level: Groups, entitlements (ent), etc., that are granted directly (similar to the User Access review, above).
    • Issues
      • Any access granted indirectly (all access) is not available
      • Displaying Entitlement Path variable is not an available option (which would be nice), but this would require the ability to display all (indirect) access.

 

Background

I'm working on creating user access reviews so that managers can review access for their direct reports.  For now, the default user access review looks fine, but I will have some managers that want the ability to view all access for their subordinates.  RSA IMG hasn't been made public, so I have to address user education and documentation, but I wanted to give managers the option to view their users' access within the review itself.  

 

It would be great if I could have the option of showing just Directly entitled vs All access, directly within the report.  

 

Server Information

Currently running RSA IMG 6.9.1 P16

 

Question:

Is it possible to show all access within the review, to mimic the User access page or should I submit an enhancement request with RSA?

 

I do not have professional services dollars to address this portion of our deployment, so your feedback would be appreciated. Thank you.

Sasha Browning
Sasha Browning Sep 29, 2016 1:59 PM
Correct Answer

I talked with my professional services guy....

 

Although you can view accounts with the Uuser Access page, RSA IMG doesn't really consider accounts to be access...which I find weird.  At this point, I'm left with 2 options:

  1. Keep using the User Access Review
    • Manager selects maintain/revoke for access granted directly (groups, ent, role, etc)
  2. Change to an Account Access Review
    • Manager still selects maintain/revoke for access granted directly, but the default view is structured by default like this:
      • Account 1
        • Group A
        • Group B
        • Ent 1
      • Account 2
        • Group X
        • Ent 3

 

I think my priorities are going to be:

  • Standardize the columns and view(s)
  • If possible, include all access within the User Access review (i.e. granted via group nesting, roles, etc).  Reviewers will only be able to view; they will not be given the option to maintain/revoke access.
    • I think this is going to be a problem as well as including the Entitlement Path as a column in the review, but I'll see.
See the reply in context
No one else had this question

Outcomes