Apply an ARM account to a specific security role or data owner

There are two possibilities of involving data security officers and auditors in security related processes.

  • Grant the user read only access to ARM.
  • Define which reports are relevant and ARM will send them to the user automatically in the desired frequency.

 

Create a simple read-only account in ARM

Background / Value

Involve security officers in the process of access rights management by granting them read-only access. This allows them to generate their own reports.

These settings can be found in the ARM configuration application. You can find more detailed information in the chapter "Manage ARM Users".

 

Step-by-step process

  1. Start the ARM configuration application.
  2. Select "User Management".
  3. Use the search field to find the desired account.
  4. Use drag&drop to move the account to the right column.
  5. In the role column, select "Auditor".

The settings are active immediately.

 

Schedule reports

Background / Value

You can involve security personnel in the access rights management process by assigning reports to the appropriate security officers. ARM sends the reports in the desired frequency. The process is identical for all reports.

We recommend sending a selection of management reports to the role responsible for security. The reports are easy to read and only contain the necessary information.

 

ARM Management Reports:

Active Directory

Employees of a Manager

Display group memberships and user account details

 

File server

Who has access where?

Where do employees of a manager have access to?

Where do users and groups have access?

 

Exchange

Who has access to what?

Identifying mailbox permissions

 

SharePoint

Who has access where?

Where do users and groups have access?

 

Step-by-step process

Select the desired report. Click on "started manually" in the "Settings" area.

 

  1. Determine the frequency.
  2. Activate the mode "Generate reports periodically".
  3. Click on "Apply".

 

Click on "Deactivated".

 

D020-04 EN Reporte automatisch zusenden lassen

  1. Activate emails.
  2. Activate the option "Add report as email attachment".
  3. Determine who should receive the email. You can enter more than one recipient.
  4. Click on "Apply".