If you have the Auditor application role assigned, you can perform the following auditing tasks:
Use the Governed data tile on the Auditing view (Responsibilities | Auditing) to display a list of managed hosts or the governed data for a given managed host.
To view governed data for a managed host
- From the menu bar, select Responsibilities | Auditing.
-
On the Auditing view, select the Governed data tile.
The Auditing- Managed Hosts view appears listing the managed hosts in your environment, including the following details:
- Display name
- Host type
- Count of governed resources
- Count of points of interest
-
Click the Show governed data button for a managed host.
The Auditing-Governed data view appears listing the governed resources for the selected managed host, including the following details:
- Path
- Governed data type
- Risk index (calculated)
-
Comments
Note: Click the View Settings | Additional columns button to view a list of additional details that can be added to the display. Select the additional columns to be added and click Apply. Use the Reset view option to remove any additional information you may have added.
- Click the View content button for a governed resource to view additional governed data under the selected resource.
Using the Auditing option on the Responsibilities menu you can view information about employees, business roles, system roles, One Identity Manager application roles, organizational structures, and other services. In addition, if the Data Governance Edition module is installed, you can view the access permissions for an Active Directory resource.
To view the access permissions for an Active Directory resource
- From the menu bar, select Responsibilities | Auditing.
-
On the Auditing view, select the Active Directory tile.
The Auditing - Active Directory view appears displaying a list of Active Directory resources.
-
To limit the list, click the Assign link next to Select an employee.
- The Select an employee dialog appears.
- Select the employee you want to view.
- The Auditing - Active Directory view re-appears, listing the Active Directory resources for which the person is responsible for.
-
Click the Active Directory resource you want to explore, and then select the Show details button.
The Status page for the resource appears, which allows you to review the following information about the selected object:
- Overview: A hyper view (graphical representation) of relations between the system entitlement and One Identity Manager.
- Master data: The properties assigned to the system entitlement.
- Memberships: The employees who have access to the system entitlement.
- Child groups: The child groups for the system entitlement.
- Attestation: The attestation status of the system entitlement.
- Compliance: The compliance violations against the system entitlement.
- Usage: The role classes of employees who are members of the selected entitlement.
- Click the Access tab.
-
Click the arrow to the left of a group to expand the list and view parent groups.
Note: If more parent groups are shown, expand the view until either a folder or file is shown. This means you can also view access permissions for parent groups.
A check mark is displayed in the Read and Write columns to show the access permissions currently assigned to the file or folder.
-
Click the Details button next to a file or folder.
The Access Control List appears showing the assigned permissions. Click Close to close the Access Control List.
When Data Governance Edition is installed, the Auditing view for an employee includes an additional Access page that lists the groups and accounts to which the selected account is assigned. You can then expand a group or account to view detailed access control information.
When the selected account has access to governed resources, two tabbed pages appear:
- Memberships: Shows the groups and account to which the selected employee is assigned.
- Resources: Shows the governed resources the selected employee has access to.
Note: If the selected employee does not have access to any governed resources, the view contains the list of groups and accounts to which the selected employee is assigned.
For more information on the other auditing tasks and views available through the web portal, see the One Identity Manager Web Portal User Guide.
To view the membership and access control information for an employee
- From the menu bar, select Responsibilities | Auditing.
- On the Auditing view, select the Employees tile.
- On the Auditing - Employee Details view, select an employee from the list.
- Click Access to display the groups and accounts the selected account is assigned to.
- Click the Memberships tab to view the membership information for the selected employee.
-
Click the arrow to the left of an account to expand the group or account to view detailed access control information.
Note: If more parent groups are shown, expand the view until either a folder or file is shown. This means you can also view access permissions for parent groups.
A check mark is displayed in the Read and Write columns to show the access permissions currently assigned to a file or folder.
-
Click the Details button next to a file or folder.
The Access Control List appears showing the assigned permissions. Click Close to close the Access Control List.
