0

AccessManagement Audit Functionality

  • updated 12 days ago

Description

LogicNets allows you to publish projects as packages and make them available using a published start code. Based on the configured authentication and roles settings and the configured user groups, users can access these packages with or without authentication and with specific roles. You can also place published packages on the logon portal dashboard. Deploying packages with start codes but without authentication or defined user roles risks allowing security leaks in your system; therefore, LogicNets recommends you periodically check which packages are deployed and who can access them.

To support this audit/security check, LogicNets added two dashboards to the Access Management function: Package/Groups and Users/Groups.

Starting an Audit

To start an audit, click the Access Management icon on your dashboard.

From the left-side navigation bar, select the Audit icon. 

The system gathers the current information from your LogicNets system and displays your Audit dashboard.

Package/Groups

The Package/Groups dashboard lists all packages available on a company's installation, and this dashboard displays the following information for each package:

  • Start code
  • The groups that can start a package through the Logon Dashboard/Portal
  • The roles assigned to each user group

One of the groups in this view is Guests, which identifies those packages that users can access without authentication. An authenticated user is authorized to use a package if there are no defined roles or if the authenticated user has at least one package role assigned. Packages without roles will appear with role (default).

The Package/Groups view also checks for common security weaknesses and displays warnings when a package with start code and one of the following is true:

  • The authentication is disabled. This means authentication is not enables and any user or guest can access the package.
  • The package does not have defined roles. This means any authenticated user is authorized to use the package.
  • One of the parent frameworks is not available. This means the parent package (<parent>) is not installed.

Users/Groups

The Users/Groups dashboard lists all users defined in the system and each group to which that user is assigned. The dashboard lists the following user types:

  • Local users
  • Users configured in user groups as non-local users
  • Rule-based/dynamic users defined in IdP configurations; for example, strfind(user_email, "@logicnets%.com") contains all users ending with @logicnets.com.

Download

Filtered data shown on screen can be downloaded to JSON format only currently. To review and use the data in other formats such as Microsoft XL, the JSON file can be imported and split into columns using Power Query (example instructional video here), or there are free and paid third-party tools like gigasheet.com that offer an upload JSON and download CSV service.

Reply Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
Like Follow
  • 3 mths agoLast active
  • 14Views
  • 2 Following

Home