1 Authority on Demand Provide high authority “as-needed” with full Audit Trail.

Presentation transcript:

1 Authority on Demand Provide high authority “as-needed” with full Audit Trail

2 The Challenge
Companies are finding it more and more difficult to monitor the activities of “non-corporate” personnel such as consultants, auditors, contractors, etc.
The increase in “insider threats”, i.e. from company personnel, has made it mandatory that employees’ activities be closely monitored.
Emergency access to critical application data and processes is a very common security breach which is often uncovered in IBM i audits.
Manual documentation of emergency access is not only error-prone, but also does not comply with regulations and auditors’ security requirements.
Companies define users’ security levels and allocate security rights in accordance with job responsibilities; sometimes (evenings, weekends, vacations, etc.) these rights may not be enough to carry out an assignment.

3 Authority on Demand – Features
Easy to Use – Green-screen & GUI (suitable for non-technical staff) simplify granting special authorities when needed.
Add & Swap Security Levels – Unique feature! Adds additional security rights to the requesting user, which is mandatory for correct auditing; can also swap in higher rights from a more powerful user, as done by competitive products, but this compromises auditing.
Authority Transfer Rules & Providers – Easily pre-define special authority "providers" and special authority transfer rules, including in emergency situations.
Safe Recovery from Emergency – Enables recovering from different types of emergency situations with minimum risk of human error.
Full Monitoring Capabilities – Logs and monitors all users’ activities during the period with higher authorities. Sends real-time alerts when personnel request higher authorities. Automatically sends an audit trail report when high authority is released, including screenshots viewed, commands issued, field data updated or viewed, etc.
Controlled Access – Allows only relevant personnel to access business-critical data & processes.

4 Part 1 Authority on Demand Scenario

5 Without Authority on Demand: Inefficient Work Mode
Sam Evans, Programmer: has authorities for Test & Development; needs authorities for Production once a week.
Richard Garner, Busy IT Manager.
“Hi Sam… temporary authorities for the Production folder? Don’t have time now… maybe next week...”
OR
“OK, let me make a note on this slip of paper… Damn, can’t find it.”
Authority Request Rejected

6 With Authority on Demand: Automatic Granting of Special Authorities
“Let’s define authority rules: When Sam Evans requests authority for Production Folder between 8AM-16:30PM, Authority on Demand will automatically grant it…”
“Uh, Richard, I need authorities for the Production folder again…”

7 Requesting Special Authority… Now that we have AOD, I’ll request authority… Wow, this is so much easier than calling up Richard…

8 Instantly & Automatically Receiving Authorities Got the authorities!

9 Effective Monitoring of Special Authorities
“Finally, I don’t have to waste my time on granting special authorities… the whole process is automatic and I can see a full log of Sam’s authority requests and even screen captures!”

10 The 4 Options for the Authority Provider
Roles: Provider, Requester, Regulator
Requester: Consultant or Programmer requests temporary access to an object for which they don’t have authority; perhaps on a weekend, overnight, etc.
Provider options and their risk:
1. Gives permanent additional authority. Risk: Authority should be given on “as needed” basis only.
2. Manually adds additional authority to user profile and sets a reminder to revert. Risk: Forgets to revert user profile to original status.
3. Swaps requestor’s user profile with an alternate user profile which has higher authority. Risk: When viewing DB & QAUDJRN logs, a wrong user profile appears!
4. Adds temporary higher authority to requestor’s user profile. Full audit trail of requestor’s activities while working with higher authority. No Risk thanks to AOD.

11 AOD Workflow: From User to Provider to Auditor
User needs temporary, “higher” authority …
User requests via GETAOD from Provider, automatically or ad-hoc (as QSECOFR)
Review: Time Group, IP Address, Date/Time, PIN
Request Approved: User receives temporary, higher authorities and Provider is notified
Request Not Approved: Higher authority not granted
User’s higher authorities revoked by RLSAOD or time expiration
Auditor automatically receives reports and recorded session screenshots via

12 Part 2 Authority on Demand Screens

13 AOD Welcome Screen

14 Authority on Demand Log
DANA obtained ADD authority of user QSECOFR in job /DANA/QPADEV0003. Reason: Need to check problem in production system. Confirmation ID: 5634 Time: 11/03/14 22:40
DANA released ADD authority of user QSECOFR in job /DANA/QPADEV0003. Time: 11/03/08 23:19 ID: 653
Attachment 1 – Commands entered
Attachment 2 – Captured Screens
Attachment 3 – DB Records changed
Panels: Commands entered (ID: 653, Attachment 1); Captured Screens (ID: 653, Attachment 2); DB Records changed (ID: 653, Attachment 3)
* Other attachment options available (all QAUDJRN information, summary of changes made by Ad-Hoc utilities…)
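Added example (not part of the presentation and not the product's code): a small audit check that pairs "obtained" and "released" lines worded like those on the log slide and reports elevations a reviewer should look at. The sample lines, the YY/MM/DD timestamp format, the function name audit_sessions and the 8-hour limit are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

TIME_FMT = "%y/%m/%d %H:%M"  # assumption: the log prints YY/MM/DD HH:MM
EVENT = re.compile(
    r"(?P<user>\S+) (?P<action>obtained|released) (?P<mode>\S+) authority "
    r"of user (?P<provider>\S+) in job (?P<job>\S+?)\. "
    r".*?Time: (?P<time>\d\d/\d\d/\d\d \d\d:\d\d)"
)

# Constructed sample lines in the wording of the log slide (not real output).
SAMPLE_LOG = """\
DANA obtained ADD authority of user QSECOFR in job /DANA/QPADEV0003. Reason: Need to check problem in production system. Time: 14/03/11 22:40
DANA released ADD authority of user QSECOFR in job /DANA/QPADEV0003. Time: 14/03/11 23:19
SAM obtained ADD authority of user QSECOFR in job /SAM/QPADEV0007. Reason: Weekly production deploy. Time: 14/03/12 09:00
LEE released ADD authority of user QSECOFR in job /LEE/QPADEV0011. Time: 14/03/12 10:15
KIM obtained ADD authority of user QSECOFR in job /KIM/QPADEV0002. Reason: Month-end fix. Time: 14/03/12 22:40
KIM released ADD authority of user QSECOFR in job /KIM/QPADEV0002. Time: 14/03/12 21:19
"""

def audit_sessions(log_text, now, max_elevated=timedelta(hours=8)):
    """Pair obtain/release events per (user, job); return (user, job, issue)."""
    open_sessions, findings = {}, []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an authority event
        key = (m["user"], m["job"])
        when = datetime.strptime(m["time"], TIME_FMT)
        if m["action"] == "obtained":
            if key in open_sessions:
                findings.append((*key, "obtained twice without release"))
            open_sessions[key] = when
            continue
        start = open_sessions.pop(key, None)
        if start is None:
            findings.append((*key, "release without matching obtain"))
        elif when < start:
            findings.append((*key, "release timestamp precedes obtain"))
        elif when - start > max_elevated:
            findings.append((*key, "elevated longer than limit"))
    # Anything never released and older than the limit is still elevated.
    for key, start in open_sessions.items():
        if now - start > max_elevated:
            findings.append((*key, "still elevated past limit"))
    return findings

if __name__ == "__main__":
    for finding in audit_sessions(SAMPLE_LOG, datetime(2014, 3, 13, 9, 0)):
        print(finding)
```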

15 Authority on Demand Main Menu

16 Work with Authority Rules

17 Modify an Authority Rule

18 Modify an Authority Rule

19 Work with Authority Providers

20 Modify definitions for an Authority Provider

21 Define (Option 6) and Change a Time Group

22 Activation menu (Option 11)

23 Request to obtain Authority (GETAOD)

24 GETAOD was successful- with message

25 messages for Start/End Authority

26 GETAOD was not successful- with message

27 Unsuccessful GETAOD: log and

28 Unsuccessful GETAOD- full explanation

29 Display AOD Log Entries- Option 41

30 Sample AOD Log Entries- F10 for Details

31 Select type of AOD Log entries to Display

32 Audit Log for one Get AOD request: This is the QAUDJRN log for one AOD request.

33 Option 43: Print Log. The AOD log contains “pointers” (i.e. attachments) to the appropriate QAUDJRN log.

34 Print output of QAUDJRN: This is the printed QAUDJRN log for a single AOD request.

35 Showing “Captured” Screen Image

36 Another “Captured” Screen Image

37 AOD System Configuration- Option 81

38 General Definitions Configuration Screen

39 AOD Log Retention Configuration Screen

40 SYSLOG Definitions

41 SYSLOG Messages: These are the SYSLOG messages written when authority was added.

42 Emergency Operator Screen

43 Please visit us at Thank You!