Over the past years, my team has been asked to conduct audits/reviews for other teams. Most of these audits have been compliance-driven and almost all of them have followed the same format: some group of users have been granted a specific entitlement that some authorizer/supervisor now needs to confirm or revoke.
For example: we produce lists of users that have been granted *R* (restricted) profiles on their physical access badges. These *R* profiles give these users access to restricted rooms, e.g. data center, storage rooms full of iPhones, etc. Each *R* profile has two authorizers and we ask either authorizer to confirm/revoke the access (twice a year). Obviously, conducting these audits through email exchanges and spreadsheets is not feasible. What is required is a simple web tool where the authorizers will
- log in,
- see all the users that have the special entitlement (which is controlled by the authorizer),
- and, with the least amount of work possible, the authorizer will review/revoke the entitlement through that web interface.
At its most Zen: the authorizer should see two buttons (review | revoke) beside each user, and he clicks on one (for each user). No dropdown, no drill-down. One-click review/verify for each user. At a later date, the results from the review/audit can be queried – and these results applied (e.g. mass revocation/extension of the entitlements). Applying the results is outside the scope of the tool my team is looking for.
Note that we are definitely not looking for a full-blown Identity Management system here. We are looking for a generic audit/review tool: something to which you can feed lists of users and audit details, and it provides a web interface to authorizers to review/revoke entitlements.
Is there an open source tool that can be used/customized for this purpose?