Security Secure User Administration Global Access Reporting

Global Access Reporting

One of the key elements of both security management and regulatory compliance is to periodically review who has access to systems, to find exceptions, and to remove them.

Global access reporting includes finding and eliminating dormant and orphan accounts, reviewing the access rights of current users to find entitlements that are no longer required, and the ability to simply report on "who has what."

ID-Synch® comes with built in capabilities to meet these security reporting requirements, including:

• Orphans: list login IDs on target systems not attached to active user profiles or with very old last-login dates.
• Targets: list selected target systems or those accessible by some users.
• Users: list selected users or those with specific attributes or accounts.
• Workflow:
  • Authorizers: list available authorizers and their attached resources.
  • Roles: list roles and their component templates.
  • Templates: list templates, their dependencies and role membership.
  • Requests: list current and closed change requests in the system.
• Inventory: list physical objects under management and their locations.

In addition, ID-Synch has an open schema and data access layer, allowing customers to develop their own security reports. All data in ID-Synch is available via ODBC and accessible using standard analytical tools (Crystal Reports, MS-Access, MS-Excel, SQL queries, etc).

The schema is well documented and this documentation is available to all product licensees and to evaluators under NDA. The current release schema documentation is about 175 long, and includes detailed descriptions of every field, table, relation, value constraint, etc.

Data available through ID-Synch includes:

• A list of IDs per user.
• A list of IDs per system.
• A list of IDs per group.
• Allocation of login IDs to user profiles.
• Full detail of transaction history.
• Additional user attributes (e.g., roles, employee ID) for users who were created using ID-Synch.
• Select user attributes drawn from target systems -- such as last login time/date, account enabled/disabled, etc.

ID-Synch includes a number of standard reports, available through a web user interface, from the command-line, or by e-mail:

• Orphan and dormant accounts.
• Users who have accounts on specific systems.
• Templates and roles that a particular user has been assigned.
• User groups available on target systems.
• Membership of users in user groups on target systems.
• Transaction history per time period.
• Authorizer actions.
• Delegations (current and pending).
• Implementer definitions.
• Physical inventory availability.
• Requests, by status, state and result.
• Request statistics.
• User attributes, by user and by system.
• Past Reports.

© Hitachi ID Systems, Inc. 2008. All rights reserved.