Anonymous, bureaucrat, administrator
7,528
edits
Changes
From All n One's bxp software Wixi
no edit summary
=== Group User replace permissions ===
[[Security_-_Group_Replace_Permissions]]
Where a group of users have been added, or need to be updated, the process easiest to use is :
* ''Main Menu > System Access Management > System Management > Security - Group Replace Permissions > ''
* Using the search screen, identify a group of users
* On the following screen, tick the users to be modified.
* The final screen is the same as the single user permission modifications but the list of User Ids will be included at the top of the page.
* Ensure all permissions are replaced and not added.
== Functional controls ==
The easiest way to review user access and perform group auditing is to use the Functional Access Matrix. [[Security_-_Functional_Access_Matrix]]. The output of the report allows reviews to quickly see who has access to what by different criteria, with a handy export to excel option to facilitate more in-depth analysis.
[[File:functionalAccessMatrix_output.png|800px]]
From this the Security - Group Replace functionality allows for quick modification of users permissions to those of a selected template user. [[Security_-_Group_Replace_Permissions]]
== Content controls ==
With all of the functional access secured, review of content access is the next ongoing task.
From the console on the left, access by form and access by eCourse can be easily reviewed.
= Operational Procedures and Evidence =
== Logging reviews ==
For compliance purposes, evidence is the process to ensure that checks have been carried out. The simplest way of managing this is to give the System Administrators access to a newly built form. In the form include the following
{| class="wikitable"
! Field
! Type
! Reason
|-
| Date Time || Date Time || To record when the review happened.
|-
| Reviewed by || Staff List || Person signing off that the review was done
|-
| Functional Access reviewed || True/False || Simple statement
|-
| Functional Access anomalies || Text Area || A box to state if any exceptions were noted.
|-
| Functional Access corrections || Text Area || Any corrective actions taken to fix the anomalies
|-
| Content Access reviewed || True/False || Simple statement
|-
| Content Access anomalies || Text Area || A box to state if any exceptions were noted.
|-
| Content Access corrections || Text Area || Any corrective actions taken to fix the anomalies
|-
|}
By ensuring at agreed intervals the work is carried out this form can be used as evidence as the logs are date and time stamped.
With these reviews, build into your procedures that the export of the full Functional Access Matrix is included in the contact history of the record. Also the security profile of a sampled Form and a sampled eCourse could be included.
== eCourse reference material ==
It is important to have a set or processes, procedures and policies for the management of bxp. Usually regulated businesses will based these on Word documents. bxp provides an initial document for consideration / modification by clients to match their internal processes.
By creating an eCourse this material can be stored online and reference to look ups is auditable in an eCourse, where it is not in a Word document.
[[File:Template_-_bxp_UAM_-_v1-0.docx]]
== Data Security reviews ==
Whilst UAM is a useful tool it should also feature as part of a data security review process which examines all security considerations. This process usually and naturally leads to full security | legal | risk | compliance audits.
All n One are well versed in these processes and would be glad to help and work with your security and other teams to put processes and procedures in place to support your organisation.
= Final call to action =
If you need any advise, help or further information on anything mentioned in this scenario, we would be glad to help. Please contact us on +353 1 4294000 or email us at support@bxpsoftware.com and we'll get you the answers you need.
[[Category:Topic:Scenario]]
[[Category:Topic:Security]]
[[Category:Module Specific:System Access Management]]
