The Access analysis screen provides the means to audit the logged authorization data.
The purpose of auditing is to be able to see which user had access to a certain object in one of the applications at a certain time. To access this information, an Auditing group is present in the Advanced menu, which includes an Access Analysis menu item. The corresponding screen looks like this:
A filter is included at the top of the screen. In the Period section of this filter, you can enter an Audit period from and an Audit period to. IAM will then calculate the maximum access rights of a user for a specific object in a specific application during that period.
The results of this calculation can be found in the tabs in the bottom half of the screen. A tab is available for each object that can be authorized. The results of the calculation can contain a lot of data. Filtering on more properties, besides Audit period from and Audit period to, will reduce the set of data. If Project and Project version are filled, IAM will filter the data to all applications based on them. You can filter even more specifically in the Application section. Application alias provides data for a specific application, regardless of the version. When the Application itself is filled, the data is also filtered on the version of the application and on the server where the application is located. Finally, you can filter on User. If this field is filled, IAM will only display access data for that specific user.
Usage of Access analysis in combination with History analysis
It is best practice to use Access analysis in combination with History analysis. Access analysis can raise certain questions, and History analysis can then be used to see how the situation arose. For example: A user had access to table A in January 2020. In such situations, the following questions need an answer:
- In which groups was the user a member during that period?
- To which roles were those groups linked during that period?
- In which of those roles did the table have read rights?
The History analysis can be searched to find answers to these questions.
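The three questions above form one chain (user to group, group to role, role to table right), and access only existed while all three links were in effect at the same moment. The following is an added example, not IAM code: the record layout, the names and the `edit` right are constructed assumptions used to show how such a chain can be checked against an audit period.

```python
from datetime import date

# Constructed sample history, NOT IAM's schema. Intervals are inclusive;
# an end of None means "still in effect".
MEMBERSHIPS = [  # (user, group, from, to)
    ("alice", "finance", date(2019, 11, 1), date(2020, 1, 15)),
    ("alice", "admins", date(2020, 1, 20), None),
    ("bob", "finance", date(2019, 11, 1), date(2020, 1, 5)),
]
GROUP_ROLES = [  # (group, role, from, to)
    ("finance", "ledger_reader", date(2019, 12, 1), None),
    ("admins", "ledger_editor", date(2019, 1, 1), None),
]
TABLE_RIGHTS = [  # (role, table, right, from, to)
    ("ledger_reader", "table_a", "read", date(2020, 1, 10), date(2020, 3, 31)),
    ("ledger_editor", "table_a", "edit", date(2019, 1, 1), None),
]
RANK = {"none": 0, "read": 1, "edit": 2}  # assumed ordering of rights

def overlap(start, end, other_start, other_end):
    """Intersect two inclusive intervals; return None if they never coincide."""
    lo = max(start, other_start)
    hi = min(end or date.max, other_end or date.max)
    return (lo, hi) if lo <= hi else None

def access_paths(user, table, period_from, period_to):
    """Every group -> role -> right chain that was fully in effect at once."""
    paths = []
    for m_user, group, m_from, m_to in MEMBERSHIPS:
        window = m_user == user and overlap(period_from, period_to, m_from, m_to)
        if not window:
            continue
        for l_group, role, l_from, l_to in GROUP_ROLES:
            linked = l_group == group and overlap(*window, l_from, l_to)
            if not linked:
                continue
            for r_role, r_table, right, r_from, r_to in TABLE_RIGHTS:
                if (r_role, r_table) == (role, table):
                    granted = overlap(*linked, r_from, r_to)
                    if granted:
                        paths.append((group, role, right, *granted))
    return paths

def max_access(user, table, period_from, period_to):
    """Highest right the user held on the table at any moment in the period."""
    rights = [p[2] for p in access_paths(user, table, period_from, period_to)]
    return max(rights, key=RANK.get, default="none")
```

In this sample, bob's membership, the group's role link and the role's read right each overlap January 2020, yet bob left the group before the right was granted, so his result is `none`; alice's paths show which group and role gave her access and for which days.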