I am needing to produce a report of all ACF2 access provisioned for the previous quarter as part of a new Sox control.
Ideally I would like a report to show every time a user was added to a rule for the previous quarter. We have some ideas but they are not easy and may not be fully accurate.
Best idea we have to use backups vs what we have at the time then compare but then you would get all UID string changes and removals.
Any ideas that someone could provide?
One ACF2 report would not really show you what you need. You actually need to be intuitive to the rule change. Say a rule was added with UID(*) ALLOW. That would be every logonid on your system. So what you need to do is run the ACFRPTEL for resource rules, and ACFRPTRL for dataset rules, and review the change made, and then add the logonids that match the UID string or the ROLE.
Well in the request we are needing a line would include the UID(*) ALLOW in addition to the 5,000+ requests processed in the previous qtr. Basically we need to see every time a Insert was performed so every time access was provisioned to a ID and even including a * but we do not allow that within this environment.
And thank you for your reply and advice most of all!
The reports are the only way to get rule changes. They can also be sent to DB2 using CIA and an SQL query could be written. Compliance Event Manager can also keep track of rule changes and using SPLUNK could write some kind of reports, if you have that product.