Is it possible to create a User Access Review in such a way that it mimics the user experience on the Home > Users > Access tab? I am referring to the ability to remove access granted directly (an account, a group, etc) and simply view all other access (granted indirectly - for instance via group nesting or role membership)
User Access Page:
I've been fiddling with the reviews, so far I have the following:
- User access review
- Contents: Groups, entitlements (ent), etc., that are granted directly
- Issues:
- Accounts are not shown
- Any access granted indirectly (all access) is not available
- Displaying Entitlement Path variable is not an available option (which would be nice), but this would require the ability to display all (indirect) access.
- Account review
- Contents:
- Top Level: Account
- Next Level: Groups, entitlements (ent), etc., that are granted directly (similar to the User Access review, above).
- Issues:
- Any access granted indirectly (all access) is not available
- Displaying Entitlement Path variable is not an available option (which would be nice), but this would require the ability to display all (indirect) access.
- Contents:
Background
I'm working on creating user access reviews so that managers can review access for their direct reports. For now, the default user access review looks fine, but I will have some managers that want the ability to view all access for their subordinates. RSA IMG hasn't been made public, so I have to address user education and documentation, but I wanted to give managers the option to view their users' access within the review itself.
It would be great if I could have the option of showing just Directly entitled vs All access, directly within the report.
Server Information
Currently running RSA IMG 6.9.1 P16
Question:
Is it possible to show all access within the review, to mimic the User access page or should I submit an enhancement request with RSA?
I do not have professional services dollars to address this portion of our deployment, so your feedback would be appreciated. Thank you.
I talked with my professional services guy....
Although you can view accounts with the Uuser Access page, RSA IMG doesn't really consider accounts to be access...which I find weird. At this point, I'm left with 2 options:
I think my priorities are going to be: