The following are the main processes when working with CA GovernanceMinder:
In a typical implementation, the Role Engineer first imports current access data from the security administration server. Source documents would include a users database file, resources database file, roles file (if existing) and possibly one or more files describing the relationship between one or more entities (users, resources, roles). Using a direct communications link to the production server, CA GovernanceMinder enables the importing of data from many formats including: CSV, SQL, and RACF. CA GovernanceMinder creates its own CA GovernanceMinder “configuration” document, which contains the known user, role, and resource information.
The role discovery process enables the discovery of roles that were not explicitly defined in the source data and the refining of existing roles. CA GovernanceMinder's role discovery tools include searching for and proposing basic roles, obvious roles, roles that are almost perfect matches of other roles, and identifying role hierarchy. These options contain sub-menus that enable fine-tuning CA GovernanceMinder's discovery algorithm to adapt it to the specific configuration that is being analyzed. The results of running these CA GovernanceMinder options are CA GovernanceMinder's proposals for role definitions. These roles are individually examined to determine their appropriateness and validity for the organization.
CA GovernanceMinder's basic auditing tools apply CA GovernanceMinder's internal logic and built-in algorithms to an existing configuration to analyze and identify many types of non-conformities or suspicions related to users, roles, and resources. The Role Engineer can apply individual tools to analyze a configuration or can run a comprehensive audit. The output of an audit is the AuditCard, which contains a list of all suspicious records and the type of suspicion involved (currently about 50 different types). The AuditCard also contains a built-in mechanism for tracking progress until resolution is achieved.
The CA GovernanceMinder Policy Compliance module is an additional audit tool that enables formulating a unique set of Business Process Rules (BPR) that represent various constraints on privileges. These rules are formulated independently of a specific CA GovernanceMinder configuration and can then be applied to different configurations.
Before uploading a processed CA GovernanceMinder configuration to the organization's production server, the differences between the original source data and processed CA GovernanceMinder configuration are examined using a built-in CA GovernanceMinder option. After verifying the differences and making any necessary changes, the configuration data is directly exported from the CA GovernanceMinder interface to the production computer's format. The export eliminates cross-platform conversion problems.
|
Copyright © 2014 CA.
All rights reserved.
|
|