Training Approach for Privilege Management by Audience

Decentralized Administrator (DA) Procedures for
Performing an Annual Audit of Privileges
I. Running the Decentralized Administrator (DA) Privilege Document
II. Reviewing the Decentralized Administrator (DA) Privilege Document
III. Running the Resource Export Report
IV. Reporting on Resources in Multiple Trees
V. Reviewing the Resource Export Report
VI. Checking CRP for Centers
VII. Documentation of Annual Review
VIII. Checklist and Verification for DA Annual Privilege and CRP Audit
DA Annual Audit Procedures 5/13/2014
Vanderbilt University Medical Center
Privilege Management Annual Audit Reporting
Vanderbilt University Medical Center Policy # OP 40-10.01 requires that Decentralized Administrators
and Reviewers perform an audit of all privileges for the resources under their purview. This review
should be conducted no less than annually. This document provides the steps necessary to create the
two Documents required for this audit:
1. Decentralized Administrator (DA) Privilege Document: provides a complete listing of the resources under a DA’s purview
2. Resource Export Report: details the privilege assignments under a specified resource
I. Running the Decentralized Administrator (DA) Privilege Document
The Decentralized Administrator (DA) Privilege Document is a Business Objects report which you can
access through BI launch pad. You can log into BI launch pad from many Vanderbilt websites,
including www.vanderbilt.edu/ebiz.
Step 1: Log into BI launch pad using your VUNetID and e-password (make sure that your authentication is set to Windows AD).
Step 2: Once you log into BI launch pad, you will default to the Documents tab with Corporate
Categories expanded. Click on the + box to expand the Privilege Management universe, and double
click Annual Audit to open the list of Documents in the Details window on the right.
Note: BI launch pad uses the term “Documents” when referring to the list below. Once a Document is
generated, individual tabs within the Document are referred to as “Reports.” Use this terminology when
navigating, saving, or printing from BI launch pad.
Note: If you do not see the Privilege Management universe folder, you need access to the Privilege Management Business Objects universe. To get this, complete the Business Objects Access Request Form and follow the routing instructions on page 2 of the document.
Last updated: 5/13/2014
Step 3: Available Privilege Management documents will be displayed in alphabetical order. Select
Decentralized Administrator (DA) Privilege from the list by clicking on the name.
Step 4: Once you open the Document, click “Advanced” in the User Prompt Input box, or click the “refresh data” icon in the lower right area of the Document window. This will cause the Prompts menu to appear.
Step 5: Enter your VUNetID in the box circled below. NOTE: Make sure you enter your VUNetID in ALL CAPS or the Document will not generate. Click the arrow to select your VUNetID. Once entered, click OK as shown:
II. Reviewing the Decentralized Administrator (DA) Privilege Document
This Document shows all resources under the purview of the selected Decentralized Administrator. The
Resource column reflects Home Departments and Cost Centers, as well as groups of Resources, such as
Sumto Home Departments or PCC Sumtos. DAs should run this Document annually and complete an
annual audit for each resource under their purview.
Note: Some resources may be listed more than once. This indicates that the resource resides in more
than one hierarchy, or reporting tree. Note that in these instances only one audit is required (see related
instructions in Section IV, p. 7).
This Document can be printed and should be saved, as shown below.
III. Running the Resource Export Report
The Resource Export Report is a Business Objects report accessed through BI launch pad. You can log
into BI launch pad from many Vanderbilt websites, including www.vanderbilt.edu/ebiz.
Step 1: Once logged in to BI launch pad, click the Documents tab at the top to access the Privilege
Management/Annual Audit menu of reports.
Step 2: Once returned to the menu, you will see a variety of Documents displayed in alphabetical order
by Document name. Locate the one titled Resource Export Report and double click on the Document
name, as shown below:
Step 3: Once you open the Document, click “Advanced” in the User Prompt Input box, or click the refresh data icon in the lower right area of the Document window. This will cause the Prompts menu to appear.
Step 5: “Enter Resource ID (in ALL CAPS)” is the first prompt required to generate the Resource
Export Report. You may choose a resource by selecting a resource from the list on the bottom left of the
prompt screen or by entering the desired resource in the entry box circled below (choose a Resource
from the Decentralized Administrator (DA) Privilege Document). Use the arrow to select the
resource once entered.
Step 6: Click “Enter Structure (Tree) Name” and the list of values will appear in the box below. Refer
to the Decentralized Administrator (DA) Privilege Document and select the Structure listed in the Tree
column of that Document for the appropriate resource. (Please refer to Section IV, p. 7 for resources
listed with multiple Structures/Trees.) Use the arrow to select the Tree Name once highlighted.
Step 7: Click to generate the Document.
Step 8: Once generated, it is important to save the Document, as BI launch pad may time out (20 minutes) while you
are reviewing the data. To save the Document, open the Export drop-down menu, select
Export Document As and choose the desired format as shown below:
IV. Reporting on Resources in Multiple Trees
The Decentralized Administrator (DA) Privilege Document may indicate that a resource is contained in
multiple Structures/Trees. When this occurs, select Fund Accounting Tree when choosing the Structure
(Tree) Name for the Resource Export Report.
V. Reviewing the Resource Export Report
No less than annually, each Decentralized Administrator and Reviewer should perform an audit of all
privileges assigned to each resource within their purview to ensure staff with system access and/or
transaction approval are valid. The audit should include the following activities:
1. Delete all privileges for staff whose roles have changed or who are no longer active in the
department due to termination or transfer from your department; and
2. Verify that all privileges for staff in a “leave” status are in a suspended state, or are no longer suspended if
they have returned from leave; and
3. Verify that all persons listed have the appropriate privilege for the appropriate resource (also review
dollar limits for appropriateness based on department guidelines).
Note: If the reinstatement of privileges involves a “high risk” privilege, the workflow approval process
will be triggered in the Privilege Management application.
Users may also have unnecessary or “duplicate” privilege assignments, which should be removed. An
example of this is a user with a privilege (ex: eDog Viewer) granted on a sumto center (ex: PCCSum - Radiology) and the same user also holding the same privilege on one or more 10-digit cost centers that
roll up to the sumto center (ex: 8-01-464-0005 rolls up to PCCSum - Radiology). In this example, the
eDog Viewer granted on the cost center is unnecessary and should be deleted, since eDog Viewer granted on the sumto
automatically gives access to all cost centers underneath by way of inheritance.
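The duplicate-privilege check described above can be scripted once the report has been exported. The following is an added example, not part of the original procedure or of the Privilege Management application: it assumes a CSV export with hypothetical columns user, privilege and resource, plus a constructed roll-up map, and flags any assignment that is already granted on a resource it rolls up to, directly or indirectly.

```python
import csv
import io

# Constructed roll-up map (child -> parent). Only 8-01-464-0005 and
# "PCCSum - Radiology" come from the page; every other entry is sample data.
ROLLUP = {
    "8-01-464-0005": "PCCSum - Radiology",
    "8-01-464-0010": "PCCSum - Radiology",
    "PCCSum - Radiology": "PCCSum - Imaging Services",
    "8-01-777-0001": "PCCSum - Pharmacy",
}

# Constructed export; the column names are an assumption about the layout.
EXPORT_CSV = """user,privilege,resource
JDOE,eDog Viewer,PCCSum - Radiology
JDOE,eDog Viewer,8-01-464-0005
JDOE,Sample Approver,8-01-464-0005
ASMITH,eDog Viewer,PCCSum - Imaging Services
ASMITH,eDog Viewer,8-01-464-0010
BLEE,eDog Viewer,8-01-777-0001
"""

def load_rows(text):
    """Parse the exported CSV into dicts with whitespace trimmed."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: v.strip() for k, v in row.items()} for row in reader]

def ancestors(resource, rollup):
    """Yield each resource that `resource` rolls up to, nearest first."""
    seen = set()  # guards against a cyclic roll-up map
    while resource in rollup and resource not in seen:
        seen.add(resource)
        resource = rollup[resource]
        yield resource

def redundant_assignments(rows, rollup):
    """Return (user, privilege, resource, covering_ancestor) tuples."""
    held = {(r["user"], r["privilege"], r["resource"]) for r in rows}
    findings = []
    for user, priv, res in sorted(held):
        for anc in ancestors(res, rollup):
            if (user, priv, anc) in held:
                findings.append((user, priv, res, anc))
                break  # the nearest covering ancestor is enough
    return findings

if __name__ == "__main__":
    for f in redundant_assignments(load_rows(EXPORT_CSV), ROLLUP):
        print("%s: %r on %s is already covered by %s" % f)
```

A different privilege held on the same cost center (the constructed "Sample Approver" row) is not flagged, because inheritance only makes the same privilege redundant.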
VI. Checking CRP for Centers
Using the same Resource Export Report Document, click on the third worksheet tab on the far right,
titled “Center Responsible Person.”
This report displays all the 10-digit cost centers that roll up (directly or indirectly) to the Resource
entered on the prompt menu, and is designed to quickly highlight the Center Responsible Persons (CRPs)
for each.
NOTE: This tab will remain blank if you refresh the Document with a Home Dept or SumtoHD, since
HDs do not have CRPs.
As part of the annual review, scroll through the CRPs for each resource in your purview to determine if
changes or updates are needed.
Should you identify one or more CRPs in need of updating, simply compile that information in an email
(include Center# with the name of the new CRP) and submit as a request to ofa@vanderbilt.edu.
VII. Documentation of Annual Review
Decentralized Administrators can retain either paper or electronic copies of the reports used for this
audit as proof of its execution and justification for removing invalid or unnecessary privilege
assignments. Regardless of how DAs choose to maintain historical records of this activity, it is
important to keep these files organized and readily available. In the event of an internal audit or other
review of your functional area, this documentation will be of great value.
VIII. Checklist and Verification for DA Annual Privilege and CRP Audit
The checklist below can be used to help ensure this once-yearly task is completed and documented as
needed. Use of this checklist is optional.
1. ___ Run and Save the DA Privileges Document
2. ___ Run and Save the Resource Export Report
3. ___ Review & resolve invalid privileges in purview
4. ___ Review & resolve the Center Responsible Person (CRP) for centers
5. ___ Document completion of annual audit
________________________________
Signature of Decentralized Administrator
_______________________
Date of completion