AnsweredAssumed Answered

Generation of Coverage File for a User Access Review

Question asked by Madhuri Chinthaparthi on Mar 26, 2019
Latest reply on Mar 27, 2019 by Madhuri Chinthaparthi

Like • Show 0 Likes0
Comment • 4

We have a Business Requirement where particular type of accounts(shared,technical) should go to the specified Reviewers

Like shared accounts to Application biso and technical accounts to the Tiso of the Application

for review and the other accounts of the users to other reviewers as specified in the coverage file.

We need to achieve this using user access reviews.Kindly Provide any workarounds or options to proceed with the above implementation

Notes : We Don't Want to Use Account Access and Ownership Review as all our business Processes are based on User Access Review

No one else has this question

Outcomes

4 Replies

Edwin Mullie Mar 27, 2019 6:21 AM
Mark Correct
Correct Answer
The only way I can see this work for the technical accounts is if you link these type of accounts to "technical" identities and not to real users. You can make the Tiso of the application the manager of these accounts so that the review definition is very straight forward.

As for the shared accounts you could do the same as with the technical accounts but I would suggest not to link them then to real users.

What I would like to understand better is the shared accounts, why wouldn't you want these to be reviewed by the normal reviewers?

Edwin
Like • Show 0 Likes0
Actions
- Madhuri Chinthaparthi @ Edwin Mullie on Mar 27, 2019 1:10 PM
  Mark Correct
  Correct Answer
  Thanks Edwin for your Reply we used to do in the same way before.Now we have to segregate the accounts in a user access review
  Shared Accounts are assigned to the Application BISO
  Technical Accounts are assigned to the Application TISO
  Accounts with an Account Reviewer are assigned to the Account Reviewer
  All accounts from application abc are assigned to the Chief BISO of the account owner
  Orphan Accounts are assigned to the Application BISO
  Like • Show 0 Likes0
  Actions
William May Mar 27, 2019 12:53 PM
Mark Correct
Correct Answer
Are you able to identify the different use cases through metadata on the accounts? If so, you can build a series of coverage file SQL statements and union them together in an Aveksa report. Then you just need to run the report before launching your Review and upload the updated coverage file.

Also, feel free to up-vote this related idea
https://community.rsa.com/ideas/2327
Like • Show 0 Likes0
Actions
- Madhuri Chinthaparthi @ William May on Mar 27, 2019 12:58 PM
  Mark Correct
  Correct Answer
  Thanks William for the reply yes we have done in the same way but in User Access Review We cannot have filters on accounts
  Like • Show 0 Likes0
  Actions

Generation of Coverage File for a User Access Review

Outcomes

Related Content

Recommended Content