In the RSA Identity Governance and Lifecycle 7.2 release, we have enhanced unauthorized change detection processing with the following:
- Filter by Accounts
- Filter by Users
- Filter by Groups
- Detect Unauthorized Missing Access
Filter By (Accounts, Users, Groups)
When you create a new unauthorized change detection (UCD) rule, the rule continues to apply to all accounts in the system by default. To have the rule take action for specific accounts, or to exclude specific accounts, click “All”.
Any UCD rule that existed prior to this version defaults to ALL accounts, as that is equivalent to the functionality in prior releases.
Clicking “All” opens a pop-up with our standard filter screen, where you can limit the accounts.
Detect Unauthorized Missing Access
Previously, the Unauthorized Change Detection rule could detect only new access collected for a user that was not authorized. This enhancement also detects when the selected access is removed from a collection for a user and that removal was not authorized.
As seen in the UI, there are two new check boxes. The first, ‘Detect New Access’, represents the old functionality, and ‘Detect Missing Access’ represents the new functionality. Any new rule defaults to Detect Missing Access DISABLED, as that is consistent with the default action of the rule in prior versions. You must enable this check box yourself if you want it.
Any UCD rule that exists in a prior version is migrated with Detect Missing Access also disabled, keeping the execution of the rule consistent with prior versions.
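The following is an added conceptual sketch, not RSA's implementation or product code, of how the two check boxes and the account filter change what a rule reports between two collections. The names UcdRule, evaluate and the sample data are hypothetical, 'Detect New Access' being on by default is an assumption, and every entitlement is treated as selected by the rule.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class UcdRule:
    # Hypothetical model of a rule. Missing-access detection is off by
    # default, as the page states; detect_new=True is an assumption.
    detect_new: bool = True
    detect_missing: bool = False
    include_accounts: Optional[frozenset] = None   # None models the "All" filter
    exclude_accounts: frozenset = frozenset()

    def in_scope(self, account):
        if account in self.exclude_accounts:
            return False
        return self.include_accounts is None or account in self.include_accounts

def evaluate(rule, previous, current, authorized):
    """Compare two collection snapshots of (account, entitlement) pairs.

    authorized holds ("add" | "remove", account, entitlement) tuples that
    stand in for approved changes (an assumption about what "authorized" means).
    """
    findings = []
    if rule.detect_new:
        for acct, ent in sorted(current - previous):
            if rule.in_scope(acct) and ("add", acct, ent) not in authorized:
                findings.append(("new", acct, ent))
    if rule.detect_missing:
        for acct, ent in sorted(previous - current):
            if rule.in_scope(acct) and ("remove", acct, ent) not in authorized:
                findings.append(("missing", acct, ent))
    return findings

# Constructed sample data: jdoe gains fin-admin and loses fin-read with no
# approval on record; asmith gains vpn through an approved change.
PREVIOUS = {("jdoe", "vpn"), ("jdoe", "fin-read"), ("svc-backup", "admin")}
CURRENT = {("jdoe", "vpn"), ("jdoe", "fin-admin"), ("svc-backup", "admin"),
           ("asmith", "vpn")}
AUTHORIZED = {("add", "asmith", "vpn")}

if __name__ == "__main__":
    # Migrated or default rule: only the unauthorized new access is reported.
    print(evaluate(UcdRule(), PREVIOUS, CURRENT, AUTHORIZED))
    # With missing-access detection enabled, the silent removal is reported too.
    print(evaluate(UcdRule(detect_missing=True), PREVIOUS, CURRENT, AUTHORIZED))
```

A rule left at its defaults never reports the removed fin-read entitlement, which is why the check box has to be enabled deliberately on both new and migrated rules.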