Keeping Track of User access

dh4234
Kilo Expert

I was given the task of creating some sort of user access matrix. My company wants a db or list of some sort that tracks what systems users have access to. Has anyone else had a similar requirement? If so, how did you set it up? They tell me this needs to be auditable to meet some sort of SOX requirement. I was thinking I could set this up as a CI, but I'm not sure if that is the best way to do it. Ideas would be greatly appreciated.

6 REPLIES

MB26
ServiceNow Employee

I created something like what you are explaining. We wanted to know who and what groups had admin access to every server/computer. We were using the Altiris inventory system. Altiris has a table that lists the local admins for each server/computer. I created a JDBC database data source and transform map to map these fields to a table I had previously created. This table had references to the Configuration Item so it could be used as a related list on the CI. I could then create reports based on this info.

All in all, you can do this if you have somewhere to gather the information from. If you have some sort of inventory system (Altiris, Microsoft SCCM, homegrown scripts, whatever else) that has a database or outputs an Excel file, the info can be imported and mapped to where you want.

http://wiki.service-now.com/index.php?title=Data_Sources
http://wiki.service-now.com/index.php?title=Importing_Data_Using_Import_Sets


dh4234
Kilo Expert

The problem I am running into now is that my external data source stores the users by userid. What is the best way to convert the userid so I can update my assigned_to reference field? I have a field on the user record that already has the corresponding userid. Would a transform script be the best way to do that?


MB26
ServiceNow Employee

I had this same issue with Altiris. Everything was referenced in a GUID. It is a good thing you have this userid already in your user record. I did something like this: I created a before transform script to query the user record to find the user with the GUID, then returned the user sys_id into whatever field I needed it in. So every time the transform would process a row in the import table, it would run this query and populate the target field.



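// Before-transform script: look up the sys_user record whose correlation_id
// matches the GUID on the current import row.
var rec = new GlideRecord("sys_user");
rec.addQuery("correlation_id", source.u__resourceguid);
rec.query();
while (rec.next()) {
    // Write the matching user's sys_id into the target reference field
    target.assigned_to = rec.sys_id;
}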
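
Added example, not part of the original posts and not ServiceNow code: the userid-to-sys_id lookup described in the reply above, written as plain JavaScript over in-memory arrays so it runs outside an instance. The `userid`, `system` and `active` fields and all sample records are constructed assumptions; it goes beyond the posted script by listing rows that do not resolve to exactly one active user, so they can be reviewed instead of being skipped or assigned silently.

```javascript
// Constructed sample data standing in for sys_user and the import set rows.
const users = [
  { sys_id: "a1", correlation_id: "jdoe", active: true },
  { sys_id: "b2", correlation_id: "asmith", active: false },
  { sys_id: "c3", correlation_id: "svc01", active: true },
  { sys_id: "d4", correlation_id: "svc01", active: true }, // duplicate key
  { sys_id: "e5", correlation_id: "", active: true },      // no external id
];
const rows = [
  { userid: "jdoe", system: "ERP" },
  { userid: "ASmith ", system: "ERP" },
  { userid: "svc01", system: "Payroll" },
  { userid: "ghost", system: "Payroll" },
  { userid: "", system: "CRM" },
];
// Assumption: ids compare case-insensitively after trimming whitespace.
function normalize(id) {
  return String(id || "").trim().toLowerCase();
}
// Index users by external id. Blank keys are skipped so an empty source
// value can never match a user whose correlation_id is empty.
function buildIndex(userList) {
  const index = new Map();
  for (const u of userList) {
    const key = normalize(u.correlation_id);
    if (!key) continue;
    if (!index.has(key)) index.set(key, []);
    index.get(key).push(u);
  }
  return index;
}

// Resolve each row to exactly one active user; anything else is reported.
function reconcile(rowList, userList) {
  const index = buildIndex(userList);
  const matched = [], exceptions = [];
  for (const row of rowList) {
    const key = normalize(row.userid);
    const hits = index.get(key) || [];
    let reason = null;
    if (!key) reason = "blank userid";
    else if (hits.length === 0) reason = "no matching user";
    else if (hits.length > 1) reason = "ambiguous userid";
    else if (!hits[0].active) reason = "inactive user holds access";
    if (reason) exceptions.push({ ...row, reason });
    else matched.push({ system: row.system, assigned_to: hits[0].sys_id });
  }
  return { matched, exceptions };
}
```
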


MB26
ServiceNow Employee

Duplicate. Clicked twice.