
User account audit Access for Audits

Good day, all.

Please can I get some help?

As per the latest ISO compliance regulations, our customers have to prove:

  1. All user accounts that have the “System Administrator” server role
  2. All user accounts with administrator rights are in a vault.

Basically, what I would love is to be able to pull a detailed privileged access or permissions report. I am working with multiple vaults (10+) and hundreds of users. What I want to avoid is going user by user to get this information, like in the below screenshot.

Basically something like this or as close to it as possible without putting undue workload onto the client or auditors.

Or like this. Any ideas are most welcome!

Kind Regards 

  • You might want to reach out to your reseller.  I know that we have at least one tool that generates some documentation on a vault but I don't recall whether it does users and permissions to the level you want.  If it does then that sounds like a good starting point.

    If it does not then this sounds like something which could be created "relatively quickly" using our APIs (I added the quotes as the devil is always in the detail).

  • Thank you. I have seen some API scripting that can pull the data I'm looking for; I just don't have the knowledge to do it myself.

    I have logged a support query already, but I always find the forums are the best place to find quick answers :)

  • I don't have any off-the-shelf code for you, although I can see that from an auditing perspective this may be a common requirement.  Maybe over time we could add something as a public sample, or perhaps this would be a good "consulting tool" that could be made available in an unsupported capacity.

    As a general point you'd need to work with the "login account" and "user account" objects.  The login account data will show whether it's a system admin, and the user account data what roles a given user has in that vault.  Some reference points:

    For each of these you would retrieve the collection they return and then check the properties of the returned items, checking (for example) the roles that the user has in the vault.  This would then allow you to create a CSV or similar that you could show auditors.
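The join described in the reply above, as an added example that is not part of the original thread and is not vendor code: it takes login account and user account records that have already been retrieved, and produces the per-vault CSV rows an auditor would ask for. The record field names, role names and sample accounts are constructed assumptions, not the product's API property names.

```python
import csv, io

# Constructed sample records. Field and role names are hypothetical stand-ins
# for whatever the product API returns, not the vendor's property names.
LOGIN_ACCOUNTS = [
    {"name": "CORP\\alice", "system_admin": True, "enabled": True},
    {"name": "CORP\\bob", "system_admin": False, "enabled": True},
    {"name": "CORP\\erin", "system_admin": True, "enabled": True},  # in no vault
]
VAULT_USERS = {  # vault name -> user accounts retrieved from that vault
    "Finance": [{"login": "CORP\\alice", "roles": ["full_control"]},
                {"login": "corp\\bob", "roles": ["default"]}],
    "HR": [{"login": "CORP\\bob", "roles": ["default", "full_control"]},
           {"login": "CORP\\dave", "roles": ["full_control"]}],  # no login record
}
ADMIN_ROLES = {"full_control"}  # assumption: roles counted as vault administrator
FIELDS = ["vault", "login", "system_admin", "login_enabled", "vault_admin", "roles"]

def build_rows(logins, vault_users, admin_roles=ADMIN_ROLES):
    """One row per (vault, user account), joined to its login account."""
    # Assumption: login names compare case-insensitively.
    by_name = {acct["name"].lower(): acct for acct in logins}
    rows, seen = [], set()
    for vault in sorted(vault_users):
        for user in vault_users[vault]:
            seen.add(key := user["login"].lower())
            login = by_name.get(key)  # None: user account without a login record
            rows.append({
                "vault": vault, "login": user["login"],
                "system_admin": login["system_admin"] if login else "unknown",
                "login_enabled": login["enabled"] if login else "unknown",
                "vault_admin": bool(admin_roles & set(user["roles"])),
                "roles": ";".join(sorted(user["roles"])),
            })
    # A system administrator with no user account in any vault still gets a row.
    for acct in logins:
        if acct["system_admin"] and acct["name"].lower() not in seen:
            rows.append({"vault": "(none)", "login": acct["name"], "system_admin": True,
                         "login_enabled": acct["enabled"], "vault_admin": False, "roles": ""})
    return rows

def privileged_rows(rows):
    # Keep system administrators and vault administrators; "unknown" is kept
    # only when the vault role itself is an administrator role.
    return [r for r in rows if r["system_admin"] is True or r["vault_admin"]]

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

`to_csv(privileged_rows(build_rows(LOGIN_ACCOUNTS, VAULT_USERS)))` returns the report text; rows marked `unknown` are user accounts whose login record was not found and need manual follow-up.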

  • Hi Craig, I was going through the consulting tools academy course right now actually and thought the same.

    Even the Wiki links for the consulting tools pages are not 404. So looks like this is something that needs to be looked into.

    Especially with the latest ISO standards being updated.

  • Please do send me a private message with the links that are broken (and where you found them) and I'll try to raise that to the correct people.