Hi,
Can anyone tell me whether RSA stores the audit information of the mapped entitlements of an account? Basically, we got a question from the system audit team to figure out the below:
1. Complete audit history of entitlements assigned to any account till date (e.g. account1 was assigned the Read app-role on 3rd Sept, and the same was replaced with Write on 10th Nov. So, the table should have 2 entries with dates against account1). I know the last n times raw data can help with a little information; however, the requirement is to provide the complete history of the account's life cycle.
2. Whether the account had any SOD exception access assigned to it at any time in its life cycle. If so, what was the conflicting access and when was it granted and revoked?
The business justification of these requests is to track any access which was assigned to any account and to make sure that the user did not misuse the same.
One solution I can think of is having the all-user access report every day and referring to that whenever required. Any other solution (any view/table that keeps this information)?
I'm in VIA 7.0.2 P04.
- Amit
Hi Amit,
For the first one I think it's possible. I've created a report before with a similar functionality.
Firstly, you will need the T_AV_EXPLODEDUSERENTITLEMENTS table, which contains a lot of useful data (e.g. application id, entitlement/approle id, entitled id, creation date etc.). As far as I know, in this table you can find every entitlement and approle from the past and the present, so you could make a query based on your requirement. The PV_USERS, PV_APPLICATION, PV_APPLICATION_ROLE and PV_APPLICATION_ENTITLEMENT tables could be helpful to make a human-readable report (e.g. show the application name instead of the application id etc.).
Regards,
Álmos
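
The two audit questions in this thread, worked through as an added example that is not part of either post and is not the product's own code. It runs against a constructed in-memory SQLite table standing in for a history table such as T_AV_EXPLODEDUSERENTITLEMENTS; the table layout, the column names (including `deletion_date`), the sample rows and the SoD conflict pair are all assumptions to be replaced with the real schema and rules.

```python
import sqlite3

# Constructed stand-in tables. Column names are assumptions for illustration,
# not the product's schema; deletion_date NULL means "still assigned".
SETUP = """
CREATE TABLE ent_history (account TEXT, entitlement TEXT,
                          creation_date TEXT, deletion_date TEXT);
CREATE TABLE sod_rule (left_ent TEXT, right_ent TEXT);
"""
ROWS = [  # constructed sample data; the year is arbitrary
    ("account1", "Read", "2016-09-03", "2016-11-10"),
    ("account1", "Write", "2016-11-10", None),
    ("account2", "CreateVendor", "2016-01-05", "2016-06-01"),
    ("account2", "ApprovePayment", "2016-03-01", "2016-04-15"),
]
RULES = [("CreateVendor", "ApprovePayment")]  # constructed SoD conflict pair

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    conn.executemany("INSERT INTO ent_history VALUES (?, ?, ?, ?)", ROWS)
    conn.executemany("INSERT INTO sod_rule VALUES (?, ?)", RULES)
    return conn

def entitlement_history(conn, account):
    """One row per assignment, oldest first: (entitlement, granted, revoked)."""
    return conn.execute(
        "SELECT entitlement, creation_date, deletion_date FROM ent_history "
        "WHERE account = ? ORDER BY creation_date", (account,)).fetchall()

def sod_windows(conn):
    """Periods in which an account held both sides of a conflict pair."""
    return conn.execute("""
        SELECT a.account, a.entitlement, b.entitlement,
               MAX(a.creation_date, b.creation_date) AS granted,
               CASE WHEN a.deletion_date IS NULL THEN b.deletion_date
                    WHEN b.deletion_date IS NULL THEN a.deletion_date
                    ELSE MIN(a.deletion_date, b.deletion_date) END AS revoked
        FROM ent_history a
        JOIN ent_history b ON b.account = a.account
        JOIN sod_rule r ON r.left_ent = a.entitlement
                       AND r.right_ent = b.entitlement
        WHERE a.creation_date < COALESCE(b.deletion_date, '9999-12-31')
          AND b.creation_date < COALESCE(a.deletion_date, '9999-12-31')
        ORDER BY a.account, granted""").fetchall()

if __name__ == "__main__":
    db = build_db()
    print(entitlement_history(db, "account1"))
    print(sod_windows(db))
```

A `revoked` value of NULL in the SoD result means the conflicting access is still held by the account.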