How to configure rules so that a manager is restricted to audit reports of only those employees who report to him?
Often in an organization, managers are expected to review the audit reports of their employees so that they can take appropriate action if an employee executes a risky activity.
Compliance Auditor in the Privileged User Manager (PUM) console provides a feature for reviewing all audit reports. It also provides filters with which we can restrict which reports are shown to which manager. Achieving this requires a few configurations, which are explained using the use case below:
Assume that we have two managers, Manager1 and Manager2.
Emp1, Emp2 and Emp3 report to Manager1.
Emp4 and Emp5 report to Manager2.
Manager1 and Manager2 report to Director1.
So in the above case, Manager1 should be able to review the audit reports of Emp1, Emp2 and Emp3, and Manager2 should be able to review the audit reports of Emp4 and Emp5.
Director1 should be able to review the reports of all 5 employees and both managers.
This can be achieved by making the following configurations in PUM:
I. Framework User Manager Configuration:
The roles created here are used later in the Compliance Auditor configuration to restrict access to audit reports, as explained below.
II. Command Control Configuration:
    Begin Rule: Default Audit
        Audit Group = "Default Audit"
    End Rule: Default Audit

    Begin Rule: Audit Mgr - Manager1
        If (user IN Manager1) Then
            Audit Group = "Manager1Team"
        End If
    End Rule: Audit Mgr - Manager1

    Begin Rule: Audit Mgr - Manager2
        If (user IN Manager2) Then
            Audit Group = "Manager2Team"
        End If
    End Rule: Audit Mgr - Manager2

With the above rules in place, whenever Emp1, Emp2 or Emp3 starts a session on a system where the PUM agent is installed, all of their sessions are tagged with the Manager1Team Audit Group. Similarly, all sessions of Emp4 and Emp5 are tagged with Manager2Team. Sessions of users matched by neither manager rule keep the "Default Audit" group set by the first rule.
III. Compliance Auditor Configuration:
Create Compliance Auditor rules as follows:
Create two rules as follows:
As a result of the above rules, Compliance Auditor will collect audit reports in the following fashion:
Thus the required functionality is achieved as follows:
Note: There is an alternative way of doing the same thing, explained briefly below:
You will achieve the same result. However, this approach is tedious: if one manager has 1000 or so employees reporting to him, creating the above rule with submituser filters will be neither easy nor readable.
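The following is an added example (not NetIQ's code or part of the original article) that models the two steps above: Command Control tagging each session with an Audit Group, and Compliance Auditor showing a reviewer only the audit groups its rule allows. The group memberships, the reviewer-to-audit-group mapping for Director1, and the assumption that rules are evaluated in order with a later Audit Group assignment overriding "Default Audit" are all assumptions that mirror the use case.

```python
# Added example, not PUM's own code: a small model of audit-group tagging and
# reviewer filtering for the Manager1/Manager2/Director1 use case.

# Constructed membership: the users that the "user IN <group>" test matches.
USER_GROUPS = {
    "Manager1": {"Emp1", "Emp2", "Emp3"},
    "Manager2": {"Emp4", "Emp5"},
}

# Command Control rules in evaluation order: (group to test, audit group).
# The first rule is unconditional, so a session that matches no manager rule
# still ends up in "Default Audit" rather than untagged (assumed ordering).
AUDIT_RULES = [
    (None, "Default Audit"),
    ("Manager1", "Manager1Team"),
    ("Manager2", "Manager2Team"),
]

# Compliance Auditor rules: audit groups each reviewer role is allowed to see.
# Director1 seeing every audit group is an assumption for the director case.
REVIEWER_ACCESS = {
    "Manager1": {"Manager1Team"},
    "Manager2": {"Manager2Team"},
    "Director1": {"Default Audit", "Manager1Team", "Manager2Team"},
}


def audit_group_for(user):
    """Evaluate the rules in order; the last matching assignment wins."""
    group = None
    for member_of, audit_group in AUDIT_RULES:
        if member_of is None or user in USER_GROUPS.get(member_of, set()):
            group = audit_group
    return group


def visible_reports(reviewer, sessions):
    """Return the session owners whose audit group the reviewer may see.

    A reviewer with no Compliance Auditor rule sees nothing."""
    allowed = REVIEWER_ACCESS.get(reviewer, set())
    return sorted(u for u in sessions if audit_group_for(u) in allowed)


# Constructed sample of users who started sessions on a PUM-agent host.
# The managers' own sessions fall through to "Default Audit", so they are
# visible to Director1 but not to the managers themselves.
SESSIONS = ["Emp1", "Emp2", "Emp3", "Emp4", "Emp5", "Manager1", "Manager2"]
```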
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.