Event Triggers for Roles/Access Profiles Created/Updated?

We’re in the process of creating roles that are tied to job functions. As part of that, we will inevitably include access we’d consider privileged or SOX-relevant that would require periodic reviews.

When speaking with one of our auditors about having these roles assigned automatically via assignment definitions within a role, I was asked if we had the ability to document changes made to a role over time. This would provide an audit trail to determine who exactly might have had access at a given point in time.

This of course is possible with something like a source because the Source Updated Event Trigger exists. However, there is no such event for when roles and/or access profiles are created/updated.

I’m curious, has anyone run into a similar scenario? If so, how were you able to address it?

Hey @mcheek,

You can search for Role and Access Profile updates using the below technical names.

• technicalName:“ACCESS_PROFILE_UPDATE_PASSED”
• technicalName:“ROLE_UPDATE_PASSED”

These events are pretty detailed and provide info on any updates made to the configuration of the role/access profile.

Liam

It’s good to know an event type exists for it, just no trigger yet. I want to not rely on a scheduled job to track these changes in case multiple ones occur within a period of time, but it might be my only option for now

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.