Anonymous_User Absent Member.
Absent Member.
447 views

pre provisioning Risk Analyse


Hi,
I am testing AR 1.5. I have added one identity and one application data
store. Both are working fine. Also I set up risk levels on a few
permissions and added a few SoD policies.

Now I want to do a risk analyse (at least SoD) of an specific user
before(!) applying a new role to that user (e.g. by an IDM workflow).
How to do that? Is there a Web API that I am able to request?
I would await an answer like "If you apply role X to user Y the SoD
policy A, B and C will be violated".

regards
Daniel


--
dbuschke
------------------------------------------------------------------------
dbuschke's Profile: https://forums.netiq.com/member.php?userid=11137
View this thread: https://forums.netiq.com/showthread.php?t=55090

0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: pre provisioning Risk Analyse

On 1/6/16 10:34 AM, dbuschke wrote:
>
> Hi,
> I am testing AR 1.5. I have added one identity and one application data
> store. Both are working fine. Also I set up risk levels on a few
> permissions and added a few SoD policies.
>
> Now I want to do a risk analyse (at least SoD) of an specific user
> before(!) applying a new role to that user (e.g. by an IDM workflow).
> How to do that? Is there a Web API that I am able to request?
> I would await an answer like "If you apply role X to user Y the SoD
> policy A, B and C will be violated".
>
> regards
> Daniel
>
>

Greetings Daniel,
Thank you for the question. I research into this and reply back

--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: pre provisioning Risk Analyse


Steven Williams;263973 Wrote:
>
> Thank you for the question. I research into this and reply back
>


Hi Steven,
I have asked about this in the Access Review Webcast. Short answer is:

IDM SoDs are "provisioning rules" and AR SoDs are "business rules". This
means you cannot not use AR SoDs during IDM provisioning.

To be honest I am not glad with the answer. I think the separation
between both SoD types is not needed and results just in a double
configuration of SoD rules.

regards
Daniel


--
dbuschke
------------------------------------------------------------------------
dbuschke's Profile: https://forums.netiq.com/member.php?userid=11137
View this thread: https://forums.netiq.com/showthread.php?t=55090

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: pre provisioning Risk Analyse

On 1/19/16 3:44 AM, dbuschke wrote:
>
> Steven Williams;263973 Wrote:
>>
>> Thank you for the question. I research into this and reply back
>>

>
> Hi Steven,
> I have asked about this in the Access Review Webcast. Short answer is:
>
> IDM SoDs are "provisioning rules" and AR SoDs are "business rules". This
> means you cannot not use AR SoDs during IDM provisioning.
>
> To be honest I am not glad with the answer. I think the separation
> between both SoD types is not needed and results just in a double
> configuration of SoD rules.
>
> regards
> Daniel
>
>

Greetings Daniel,
It appears I was researching the incorrect part from your post. I
though that you wanted to know about "pre" analysis -> ("If you apply
role X to user Y the SoD policy A, B and C will be violated”)

With AR 1.5, we do not perform future risk analysis based on
potential set of permissions.



--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.