The User Reviewer is included in our Metacoda Security Plug-ins software. It is used to easily review all of your user identities in your metadata to find out their group memberships (identity hierarchy), their role memberships, the capabilities they have access to, all of their accessible logins, any associated internal logins, any ACTs and ACEs they participate in, any ACTs and ACEs that have been applied to protect them, and any external identities they may be associated with.
Key features in the User Reviewer include:
- Users table: displays a list of all users present in metadata together with summary information and indicators for those users. The table can be customized by hiding or showing columns, re-ordering or re-sizing columns, and sorting rows by any of the available columns. The filter bar allows you to quickly find a specific user of interest.
- Groups tab: shows all of the direct and nested groups the currently selected user is a member of. The tree view shows the identity hierarchy for the currently selected user. The filter bar allows you to quickly determine if the selected user is a member of a targeted group (regardless of the level of nesting) together with the path, or paths, by which they are a member.
- Roles tab: shows all of the roles the currently selected user is a member of including direct memberships, indirect memberships through nested groups and the implicit SASUSERS and PUBLIC groups. The filter bar allows you to quickly determine if the selected user is a member of a targeted role (regardless of the level of nesting) together with the path, or paths, by which they are a member.
- Capabilities tab: shows all of the SAS application capabilities registered in metadata and an indication of whether the currently selected user is provided that capability. You can also see how that capability is acquired including all of the memberships paths that provide it. The filter bar allows you to search for a specific capability and find out if the selected user has the capability and how they are getting it.
- Logins tab: shows all of the logins the user has access to. This includes private logins for the selected user together with any shared group logins the user has access to by virtue of their group memberships.
- Internal Logins Tab: shows details of any internal SAS account/login that might have been created for the selected user.
- ACT participation tab: shows the details for any Access Control Templates (ACTs) where the user is directly participating in the definition of the ACT.
- ACE participation tab: shows the details for any Access Control Entries (ACEs), including associated object, where the user is directly participating in the ACE on the object.
- ACT protections tab: shows any Access Control Templates (ACTs) that may have been directly applied to the selected user to protect the user registration.
- ACE protections tab: shows any explicit permissions, or Access Control Entries (ACEs), that may have been directly applied to the selected user to protect the user registration.
- External identities tab: displays any external identities, such as Active Directory or LDAP accounts, that may have been linked to the user during enterprise directory identity synchronization.
- HTML export: all of the information available in the User Reviewer can be easily exported in HTML format for documentation, audit and troubleshooting purposes.
- Security Test XML export: export test specifications in Metacoda Security Test XML format for use in the Testing Framework. Regular testing can be scheduled to automatically detect deviations from this baseline to trigger email alerts.
APPLICATIONSSAS Platform Administrators will find the User Reviewer useful to:
- Determine which groups user identities belong to; taking into account implicit, direct and indirect memberships, as well as group nesting.
- Find out which roles user identities belong to and how their membership of that role has been defined.
- Examine the capabilities of user identities and determine how their capabilities have been specified.
- Explore login information for user identities, whether they participate in or are protected by any ACEs or ACTs and if they are associated with identities in an enterprise directory.
- Easily document the users within a metadata security plan. Then regularly verify the current implementation against that plan, identifying any changes or concerns.
LICENSING & EVALUATION
The User Reviewer is available in our Metacoda Security Plug-ins Basic and Enterprise level packages. We offer three license package levels: Starter, Basic and Enterprise. Read our licensing page to find out which package is best for you.
Register today to:
- start using our free Metacoda Utility Plug-ins
- start using our free Metacoda Custom Tasks
- request a free 30 day evaluation license to trial our commercial software, Metacoda Security Plug-ins.
If you have any questions, please contact us.