Question - Automated Account Review

Hi

We would like to use Eramba Automated Account Review for our User access review process. Initially I thought how we do review is different and ideally it's not done like this, but after discussion with over a dozen organizations I came to the conclusion that the majority do it like this.

Current Process

  1. User accounts with their respective roles (each permission/access type per line) are collected from all applications (around 20)
  2. The list is consolidated into a single CSV file.
  3. We add other details to the list, such as the user’s manager name and manager email, and the application owner.
  4. We use an in-house built application whereby we upload the consolidated list, and the application sends out emails to the respective managers with a list of users who report to them.
  5. Feedback is taken from the managers and action is taken.

Important Note

  1. Account reviews are done by the manager of the staff/employee as it's impossible for the system owner to know all the staff or people who should/should not have access to their system (especially in a large environment).
  2. Getting the user accounts and preparing the feed files is not a problem.
  3. Eramba does not need to worry about getting a manager or getting files etc.

I would like to use Eramba Automated account review.
I want to use Eramba, but I have the following issues; requesting that anyone can help me please

  1. Currently, in Eramba, the account reviewer does the review, which is entered manually for each review type. This will not work for our case as each account type will have multiple user reviews and each user needs to be reviewed by different managers.

Two Possible Options

  1. Creating each account review type for different managers so they will be the reviewers. This is ideal as I can easily create different feed files for respective managers.

    • Problem is creating the account review manually will be difficult as we have over 50 different managers, so if there was an API to create an account review, it would be useful, which I believe currently there isn’t.
  2. I can work with the current Eramba setup, but what is the possibility of having the reviewer of each user in the feed file? For instance, like
    Username, Account Roles/permission, Reviewer

Thus what will happen for each review type? The pull will get the feed, and each review type will have multiple reviews (managers of respective users that are in that review). So when managers log in to the portal, they only get to review those reporting directly under them.

Looking forward to some constructive discussion and logical solution to this that works for all and not just certain groups of individuals.

Kind Regards
Ravishel Naicker

Shooting from the hip here, but I’d use the custom status. Have a field for ‘Reviewed By’ and the Role drop down and then ‘Approved’ Yes or no drop down. The managers know who they need to review.

Hi

This won’t be an ideal way, as managers here want only those whom they have to review to be shown to them.

One way is I create each review for each manager; however, say that it's many reviews, over 50, and no way to track it by application.

If there was an API to create reviews, I could have done this but sadly there isn’t currently.

Any help or way from the members will be appreciated.

Kind Regards

In your scenario, I think you need to create one AR per manager, not per system. The attributes of the account review would be:

  • owner: you or someone in grc
  • reviewer: the manager of the area
  • frequency, type of review, etc is indifferent
  • feed: you will need the feed to include: employee, roles, system where they own an account (the third column on the csv is optional, but you will use it to describe the system/application)

When the reviewer gets the email he/she will know what account/system they are reviewing.

So, if you have 50 area managers you will have 50 AR and you will need 50 feeds, no matter if you have 1, 10 or 1000 systems.

That is the way you could do what you want with the current functionality.

This is not a change we want to make at this time.

Hi

Thanks for the response. Yes, I guess the only way forward is each review per manager.

Is there currently an API to create a review? If so then I can script it up and whenever there is a new manager, the review for that manager is created automatically in Eramba using the API.

Also, I believe it will be good if we could have a discussion in future on how account review is carried out in most organizations.

Kind Regards

If you see the “API” option on the menu, it is because that tab has APIs; if you don’t, it is because that tab does not have APIs.

You have APIs on the “Feed” tab and you will most likely need them to constantly upload them.
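
Added example, not part of the original posts and not eramba code: one way to turn the consolidated list into the one-feed-per-manager layout suggested above (employee, roles, system), while surfacing accounts that have no manager so they are not silently left out of the review. The input column names, the headerless output and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of the consolidated list (column names are assumptions).
SAMPLE = """username,role,application,manager_email
alice,admin,CRM,mgr1@example.com
alice,viewer,Payroll,mgr1@example.com
bob,editor,CRM,mgr2@example.com
svc-backup,admin,Payroll,
carol,viewer,CRM,MGR2@example.com
"""

def split_by_manager(consolidated_csv):
    """Return ({manager_email: feed_csv_text}, [rows with no manager])."""
    groups = defaultdict(list)
    unassigned = []
    for row in csv.DictReader(io.StringIO(consolidated_csv)):
        # Normalise the reviewer key so case differences do not create
        # two account reviews for the same manager.
        manager = (row.get("manager_email") or "").strip().lower()
        if not manager:
            unassigned.append(row)  # e.g. service or orphaned accounts
            continue
        groups[manager].append(row)
    feeds = {}
    for manager, rows in groups.items():
        out = io.StringIO()
        writer = csv.writer(out, lineterminator="\n")
        seen = set()
        for r in sorted(rows, key=lambda r: (r["username"], r["application"], r["role"])):
            # Feed columns as described in the thread: employee, roles, system.
            line = (r["username"].strip(), r["role"].strip(), r["application"].strip())
            if line not in seen:  # drop exact duplicates from the source exports
                seen.add(line)
                writer.writerow(line)
        feeds[manager] = out.getvalue()
    return feeds, unassigned

if __name__ == "__main__":
    feeds, unassigned = split_by_manager(SAMPLE)
    for manager, text in feeds.items():
        print(f"--- feed for {manager} ---\n{text}", end="")
    print(f"{len(unassigned)} account(s) with no reviewer:",
          [r["username"] for r in unassigned])
```

Rows returned in the second value need an explicit reviewer (for example the application owner) before the cycle starts, otherwise those accounts never reach anyone's review.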