Access outside role

Hi,

I’m looking for a list of the access that a user holds that is assigned outside his/her enterprise role.

Say, for example, User A is from enterprise role: helpdesk, and is assigned the AD group: helpdesk through the role. But the user also has other application access that is not defined in the enterprise roles.

I need to develop a report of the access that users hold that is not defined in their access profile.

If anyone has already worked on a similar report, can you help me here?

Try this… this may do what you are looking for.
Once the CSV file is downloaded, open it in MS Excel and use filters to get what you need.

This may be related to this post which has an open IDEA.

If you just want the report and not handled through IDN, you may need to script this with the APIs. Here is how this could be done:

  1. Get All Users
  2. For each user,
    a. Get all of their entitlements (You can filter on a source or take them all) - List A
    b. Get all of their Roles, for each role, get all of the access profiles and for each access profile get all of the entitlements - List B
    c. Subtract List B from List A to have the entitlements that are not provisioned through Roles

Endpoints:
/v3/search
/v3/roles
/v3/access-profiles

1 Like
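
The subtraction in steps 2a to 2c above, as an added example that is not part of the original reply and is not SailPoint code. It runs on constructed sample data standing in for results already fetched from the listed endpoints; the field names (`access`, `type`, `accessProfiles`, `entitlements`) and all ids are assumptions for illustration.

```python
# Constructed sample data standing in for what steps 1-2b would collect from
# /v3/search, /v3/roles and /v3/access-profiles. Field names are assumptions.
IDENTITIES = [
    {"name": "user.a", "access": [
        {"type": "ROLE", "id": "role-helpdesk"},
        {"type": "ENTITLEMENT", "id": "ent-ad-helpdesk", "name": "AD: helpdesk"},
        {"type": "ENTITLEMENT", "id": "ent-crm-admin", "name": "CRM: admin"}]},
    {"name": "user.b", "access": [   # holds access but has no role at all
        {"type": "ENTITLEMENT", "id": "ent-vpn", "name": "VPN: users"}]},
    {"name": "user.c", "access": [   # everything held comes from the role
        {"type": "ROLE", "id": "role-helpdesk"},
        {"type": "ENTITLEMENT", "id": "ent-ad-helpdesk", "name": "AD: helpdesk"}]},
    {"name": "user.d", "access": [   # role id missing from the fetched role data
        {"type": "ROLE", "id": "role-missing"},
        {"type": "ENTITLEMENT", "id": "ent-ad-helpdesk", "name": "AD: helpdesk"}]},
]
ROLES = {"role-helpdesk": {"accessProfiles": [{"id": "ap-helpdesk"}]}}
ACCESS_PROFILES = {"ap-helpdesk": {"entitlements": [{"id": "ent-ad-helpdesk"}]}}


def role_entitlement_ids(role_id, roles, profiles):
    """Expand one role -> access profiles -> entitlement ids (part of List B)."""
    ids = set()
    role = roles.get(role_id) or {}  # an unknown role contributes nothing
    for ap in role.get("accessProfiles") or []:
        profile = profiles.get(ap["id"]) or {}
        ids.update(e["id"] for e in profile.get("entitlements") or [])
    return ids


def outside_role_access(identity, roles, profiles):
    """Names of entitlements held (List A) that no role grants (List B)."""
    access = identity.get("access") or []
    held = {a["id"]: a.get("name", a["id"])
            for a in access if a["type"] == "ENTITLEMENT"}
    covered = set()
    for a in access:
        if a["type"] == "ROLE":
            covered |= role_entitlement_ids(a["id"], roles, profiles)
    return sorted(name for ent_id, name in held.items() if ent_id not in covered)


def build_report(identities, roles, profiles):
    """Map each user to the entitlements they hold outside their roles."""
    return {i["name"]: outside_role_access(i, roles, profiles) for i in identities}


if __name__ == "__main__":
    for user, extras in build_report(IDENTITIES, ROLES, ACCESS_PROFILES).items():
        print(user, extras)
```

A role that cannot be expanded (user.d) leaves its entitlements in the report, so a gap in the role data shows up for review instead of hiding access.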
