We are upgrading from 6.9.1 to 7.0.2 and during the testing, noticed there is a new type of rule available.- "Unauthorized Change"
In 7.0.2 we can mitigate any unauthorized changes by "Create Change request " option. And all these change requests are being created only to remove access.
Am I missing any configuration, so all requests should not simply create remove requests?
or in better way we were expecting, the mitigating option to generate access review, which would have certified such access by appropriate reviewer, and user would have simply kept the access even though it was captured in Unauthorized Change rule.
Currently we are having same business case where one custom report detects such unauthorized accesses, and business teams don't like to remove those accesses and add them back using new request again, causes a lot of delay.
So are there any changes in 7.1 ? Or any future plans to change this default behavior ?
I don't believe so. I would go further wrt the actions available for this type of rule.
I have long held the opinion that these changes should be treated as violations with appropriate remediation, i.e. the system allows the option to Maintain or Revoke the unauthorised changes. You could argue, I guess, that a review offers the same kind of options, but it is a different kind of processing model to rule violations, which is what I think these should be.