User account audit Access for Audits

Good day, all.

Please can I get some help?

As per the latest ISO compliance regulations, our customers have to prove:

  1. All user accounts that have the “System Administrator” server role
  2. All user accounts with administrator rights are in a vault.

Basically, what I would love is to be able to pull a detailed privileged access or permissions report. I am working with multiple vaults (10+) and hundreds of users. What I want to avoid is going user by user to get this information, like the below screenshot.

Basically something like this or as close to it as possible without putting undue workload onto the client or auditors.

Or like this. Any ideas are most welcome!

Kind Regards 

  • You might want to reach out to your reseller.  I know that we have at least one tool that generates some documentation on a vault but I don't recall whether it does users and permissions to the level you want.  If it does then that sounds like a good starting point.

    If it does not then this sounds like something which could be created "relatively quickly" using our APIs (I added the quotes as the devil is always in the detail).

  • Thank you, I have seen some API scripting that can pull the data I'm looking for, I just don't have the knowledge to do it myself. 

    I have logged a support query already, but I always find the forums are the best place to find quick answers :)

  • I don't have any off-the-shelf code for you, although I can see that from an auditing perspective this may be a common requirement.  Maybe over time we could add something as a public sample, or perhaps this would be a good "consulting tool" that could be made available in an unsupported capacity.

    As a general point you'd need to work with the "login account" and "user account" objects.  The login account data will show whether it's a system admin, and the user account data what roles a given user has in that vault.  Some reference points:

    For each of these you would retrieve the collection they return and then check the properties of the returned items, checking (for example) the roles that the user has in the vault.  This would then allow you to create a CSV or similar that you could show auditors.
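
An added example, not part of the thread and not the vendor's code: the join described in the last reply, run over constructed records, covering both audit requirements and flagging vault users with no matching login account. The dictionary field names, the `VaultAdmin` role name and the sample accounts are assumptions; real data would come from the login account and user account collections the API returns.

```python
import csv
import io

# Constructed sample records. Field and role names are assumptions for this
# example, not the vendor API's property names.
LOGIN_ACCOUNTS = [
    {"account": "CORP\\alice", "enabled": True, "system_admin": True},
    {"account": "CORP\\bob", "enabled": True, "system_admin": False},
    {"account": "CORP\\carol", "enabled": False, "system_admin": True},
]
VAULT_USERS = {  # vault name -> user accounts in that vault
    "Finance": [{"login": "corp\\alice", "roles": ["VaultAdmin"]},
                {"login": "CORP\\bob", "roles": ["Default"]}],
    "HR": [{"login": "CORP\\bob", "roles": ["VaultAdmin", "SeeAllObjects"]},
           {"login": "CORP\\dave", "roles": ["VaultAdmin"]}],  # no login account
}
ADMIN_ROLES = {"VaultAdmin"}  # assumed name of the vault administrator role
FIELDS = ["scope", "vault", "account", "privilege", "login_status"]

def status(login):
    if login is None:
        return "no login account"
    return "enabled" if login["enabled"] else "disabled"

def build_audit_rows(logins, vault_users, admin_roles=ADMIN_ROLES):
    by_name = {l["account"].lower(): l for l in logins}  # case-insensitive match
    rows = []
    # Requirement 1: accounts holding the server-level system administrator role.
    for login in logins:
        if login["system_admin"]:
            rows.append(["server", "", login["account"],
                         "System Administrator", status(login)])
    # Requirement 2: accounts holding an administrative role in each vault.
    for vault in sorted(vault_users):
        for user in vault_users[vault]:
            held = sorted(admin_roles & set(user["roles"]))
            if held:
                login = by_name.get(user["login"].lower())
                rows.append(["vault", vault, user["login"],
                             ";".join(held), status(login)])
    return [dict(zip(FIELDS, r)) for r in rows]

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Calling `to_csv(build_audit_rows(LOGIN_ACCOUNTS, VAULT_USERS))` yields one CSV covering every vault, with disabled and orphaned privileged accounts visible in the `login_status` column.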
