Hello.
Can anyone share their expirience with User Rights Management. For example if you have to keep track of all available Access Rights to multiple systems and get an overview from one place (And it would be preferable not to be an excel file). There is a slight idea to build a module, to keep all the Access Rights in OTRS with a possibility to get slices on basis of time, to check if some user had rights to access some systems at the period of time or to show list of users which had access to some systems at some period of time (For Security Audit purposes). The idea I am working at the moment is to register each System as a ConfigItem and link all Systems to users (ConfigItem UserAccessCard). All the Security related incidents are linking to UserAccessCard and are helping to maintain history.
The question here is should the Access Rights be automatically retrieved from systems and updated or not. Wouldn't it be a security hole and is this automatically retrieved (via webServices) data required.
Asking this, cause I have not so much expirience with Security Management and I am struggling with the idea to make everything automated or make Security Officers responsible for this.
User Rights Management Module
Moderator: crythias
-
artjoms15
- Znuny advanced
- Posts: 121
- Joined: 30 Aug 2011, 10:48
- Znuny Version: 3.3.8 && 4.0.9
- Real Name: Artjoms Petrovs
- Location: Latvia
User Rights Management Module
Ar cieņu / Kind regards,
----------------------------------------
Artjoms Petrovs
Sistēmu analītiķis/Programmētājs /
Systems Analyst/Programmer
----------------------------------------
Artjoms Petrovs
Sistēmu analītiķis/Programmētājs /
Systems Analyst/Programmer