Jump to content
Mcsirl

New Audit User

Recommended Posts

Hi Guys,

 

We have a user in our company who is responsible for all Audit tasks.  Previously the external auditors would come to me and we would sit down and print-screen which users had access to the specific passwords they requested.  Also they would ask me to print screen the history of the password so they could see when changes were made to the password.

 

Is there a way for me to give this access to the above new Audit person without giving him access to any of the passwords ?

 

I cant find a way to do this so any help would be greatly appreciated.

 

Basically the audit user need access to view password/list permissions and also password history.

 

Thanks

Alan

Share this post


Link to post
Share on other sites

Hi Alan,

 

There are a couple of Security Administrator roles that you could assign to assist with this i.e. to give them access to the Auditing screen in the Administration area, and maybe the Reporting screen. Each of the Nodes in the Navigation Tree in the Administration area are separate roles for Security Administrators.

The one which is not possible is Password History - you must have access to the Password List in order to view the history of changes to records. There is auditing data for 'Password Updated', but that does not necessarily mean the value of the password has been updated - it could be other fields as well.

Regards

Click Studios

Share this post


Link to post
Share on other sites

Thanks for the quick reply,

 

Ive assigned the user Reporting, Auditing and Auditing Graphs in Security Administrator Roles.  But they still are unable to view the password list permissions ?

 

Can you talk me through how to allow this for the audit user pls ?

 

Thanks

Alan

Share this post


Link to post
Share on other sites

Hi Alan,

 

If you've assigned them the Reporting role, then they can run the reports regarding permissions on the screen Administration -> Reporting.

Can you confirm if they have access to this?

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi,

 

Yes i can confirm they have this access,  but theres no way to run a report on an individual password or password list.  The only options i have are :

1. What permissions exist (all users and security groups)?

2. What permissions exist for a user?

3. What Permissions exist for a Security Group?

4. What permissions exist for all shared password records (enumerated permissions report)?

 

What im looking for is that the audit user can click on a password list (but not the individual entries in it) so as to see the password list permissions like the screenshot attached.....

 

image.thumb.png.b65af5f91d62a125dc319831409b16b5.png

 

Share this post


Link to post
Share on other sites

Hello Mcsirl,

 

That's correct - the Reporting And Password Lists screens in the Administration area is for all Shared Password Lists, but they could just filter out the results in the export. If you don't want them doing this, then unfortunately your only options are to either continue with the process you have, or give them access to the individual Password Lists.

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...