Access analysis

Introduction to Access analysis

The purpose of an audit is to see which user had access to a specific object in one of the applications at a specific time.

Access analysis

main administrator

The screen Access analysis provides means to perform audits on the logged authorization data.

To access audit information:

menu Advanced > Auditing > Access analysis

1. In the tab Filter, enter an Audit period from and a Audit period until. IAM will then calculate what the maximum access rights of a user are for a specific object in a specific application during that period.

2. Inspect the results of this calculation in the lower half of the screen. A tab is available for each object that can be authorized.

   The results of the calculation can contain a lot of data.

3. If necessary, filter on more properties to reduce the amount of data.

   • Model and Branch - filter the data for all applications based on that model or branch.
   • Application alias - filter the data for a specific application, regardless of its version.
   • Application id - filter the version of the application on the server where the application is located.
   • Tenant - Filter data for that specific tenant.
   • User - filter data for that specific user.

Access analysis

Combine Access analysis with History analysis

main administrator

It is a best practice to use Access analysis in combination with History analysis.

The data in Access analysis can raise questions. You can use the History analysis to see how certain situations have happened.

For example: A user had access to table A in January 2022. In such situations, the following questions need an answer:

• Of which groups was the user a member during that period?
• To which roles were those groups linked during that period?
• In which of those roles did the table have read rights?