Are there any plans of a access review / access attestation feature, or is it something you have already ruled out ?

Access reviews are a common requierment for many security frameworks. Is this a feature you see being added in the future, or has it been ruled out has something that doesn't fit your vision for the product?

ago by (20 points)
ago by (20 points)
0

I was thinking a bit about the use case presented here by me, and i would like to know if what i had in mind would be possible with you current features.

1 - Create a scheduled task that removes all users in a group (There should be some abstraction that would allow me to keep all the groups that the rule should be applied to) every X months/weeks.

2 - The next step on the business rule would require the manager or someone responsible to aprove the removal of each member of the group.

3 - By default if the responsible doesn't aprove and the end date is reached no changes are made

++ Being able to create a remainder after X days have passed and the responsible hasn't made any decisions about the members of the group. ++ The manager is able to close the review by saying all changes necessary changes have been made

The ++'s are just things i think would be useful, but in no way necessary.

Do you think point 1-3 would be possible in your current implmentation?

ago by (306k points)
0

Hello Pedro,

Generally, it is possible to fulfill points 1-3. However, not exactly the way described. First of all, there will be no general operation. A separate approval request will be created for removing each member from the group. As such, only removing a single member can be approved or denied. This makes point three almost impossible to fulfill. For example, the responsible person approves removal of one user and then ignores the requests for other accounts. What should be done in this case. Additionally, the workflow will require a lot of custom scripting.

1 Answer

ago by (306k points)
0 votes

Hello Pedro,

Unfortunately, there is nothing like that. However, thank you for the suggestion. We forwarded it to the corresponding department for consideration.

Related questions

Is there any way to add a warning when adding a group member that is already part of the group?

Is there any way to add a warning message when someone tries to add a group member that already is member? Checked config but found nothing related. Added a new member that ... the group and there is no warning, and the logs show that the task was completed.

asked Jul 9, 2024 by lramirez (20 points)
0 votes
1 answer
Is there an email address my security team can send a security questionnaire to and have it filled out?

My security team is looking to do a security review and would like the vendor to fill out a questionnaire.

asked Aug 25, 2023 by LarrySargent (20 points)
0 votes
1 answer
Is it possible to generate a report of all of the business rules carried out on a user when they are disabled?

I'd like to be able to either send an email report or export a CSV of all of the business rules carried out when a user is disabled. This would be ... Management Activity section but this includes things that weren't part of the disable operation. Thanks

asked Feb 19, 2020 by bavery (250 points)
0 votes
1 answer
Web Service only for Self-Service with deny login all "Access is denied. You don't have access to any Web Interfaces."

Hi Evryone, I am trying to set up an external portal within a new webserver on dmz, and with only access to a webservice created from selfservice. The new webservice is only ... login, only reset password. What I am mising there that its not working? Thanks,

asked Nov 26, 2021 by yagoityd (20 points)
0 votes
0 answers
Is there a way to pull a report within Adaxes to find out how many devices a user will have associated to them?

Is there a way to pull a report within Adaxes to find out how many computer objects a user will have associated to them?

asked Mar 2, 2022 by Tarun Sharma (20 points)
0 votes
1 answer