The Group Reviewer is included in our Metacoda Security Plug-ins software. It is used to easily and efficiently review all of the group identities in your metadata to find out their members, their group memberships, their role memberships, the capabilities and shared logins they provide to their members, any ACTs and ACEs they participate in or have been applied to protect them, and any external identities they may be associated with.
These are some of the major features in the Group Reviewer:
- Groups table: displays a list of all groups present in metadata together with summary information and indicators for those groups. The table can be customized by hiding or showing from the set of available table columns, re-ordering or re-sizing columns, and sorting rows by any of the available columns. The filter bar allows you to quickly find a specific group of interest.
- Members tab: shows all of the direct and nested members of the currently selected group. The filter bar allows you to quickly determine if any other group or user is a member of the selected group (regardless of the level of nesting) together with the path, or paths, by which they are a member.
- Groups tab: shows all of the direct and nested groups the currently selected group is a member of. The filter bar allows you to quickly determine if the selected group is a member of another targeted group (regardless of the level of nesting) together with the path, or paths, by which they are a member.
- Roles tab: shows all of the roles the currently selected group is a member of, including direct memberships and indirect memberships through nested groups. The filter bar allows you to quickly determine if the selected group is a member of a targeted role (regardless of the level of nesting) together with the path, or paths, by which they are a member.
- Capabilities tab: shows all of the SAS application capabilities registered in metadata and an indication of whether the currently selected group provides that capability to its members. You can also see how that capability is provided including all of the role memberships paths that provide it. The filter bar allows you to search for a specific capability and find out if the selected group provides that capability to its members and how they are getting it.
- Logins tab: shows all of the shared logins the group provides to its members.
- ACT participation tab: shows the details for any Access Control Templates (ACTs) where the group is directly participating in the definition of the ACT.
- ACE participation tab: shows the details for any Access Control Entries (ACEs), including associated object, where the group is directly participating in the ACE on the object.
- ACT protections tab: shows any Access Control Templates (ACTs) that may have been directly applied to the selected group to protect the group registration.
- ACE protections tab: shows any explicit permissions, or Access Control Entries (ACEs), that may have been directly applied to the selected group to protect the group registration.
- External identities tab: displays any external identities, such as Active Directory or LDAP groups, that may have been linked to the SAS group during enterprise directory identity synchronization.
- HTML export: all of the information available in the Group Reviewer can be easily exported in HTML format for documentation, audit and troubleshooting purposes.
- Security Test XML export: export test specifications in Metacoda Security Test XML format for use in the Testing Framework. Regular testing can be scheduled to automatically detect deviations from this baseline and trigger email alerts.
APPLICATIONSSAS Platform Administrators will find the Group Reviewer useful to:
- Determine which user identities belong to which group; taking into account implicit, direct and indirect memberships, as well as group nesting.
- Find out which roles groups belong to and how their membership of that role has been defined.
- Examine the capabilities of groups and determine how their capabilities have been specified.
- Explore whether groups participate in or are protected by any ACEs or ACTs, if they provide any shared logins, and if they are associated with groups in an enterprise directory.
- Easily document a metadata security plan. Then regularly verify the current implementation against that plan, identifying any changes or concerns.
LICENSING & EVALUATION
The Group Reviewer is available in our Metacoda Security Plug-ins Basic and Enterprise level packages. We offer three license package levels: Starter, Basic and Enterprise. Read our licensing page to find out which package is best for you.
Register today to:
- start using our free Metacoda Utility Plug-ins
- start using our free Metacoda Custom Tasks
- request a free 30 day evaluation license to trial our commercial software, Metacoda Security Plug-ins.
If you have any questions, please contact us.