Upcoming Release: One Click Reporting, Auditing Enhancements and Usability Improvements18, May 2016
With the June 17, 2016 release of Access Analyzer, we’ve made a ton of improvements in reporting, usability, and performance based on our customers’ feedback and learnings about how they use the application. Here is a list of some of the more significant changes you will see in the latest version.
Single Sign-On (SSO) Support
If your company uses Office 365 or Azure Active Directory, it is now possible for you to set up SSO integration with Access Analyzer.
One-Click Reporting and More
It is now possible to create a set of Reports from a single screen. The request will initiate a Security Extract, a set of Utilization Extracts, a Security Analysis, and a set of reports. On completion, Access Analyzer will notify you that your reports are ready to view. If you prefer to schedule an extract, analysis, or a report separately, those functions can now be found under the new Advanced menu.
Other reporting enhancements include: SAP user full names now available in reports, Risk Ratings are now included in the WhatIf Report, and it is now possible to filter on Business Process Code and Risk Code when scheduling a Security Analysis Report.
Now Easier to Select Users and Role
The User and Role selection screens have gone through a usability update with an improved layout. The search capability has also been enhanced to make finding the User or Role that you want even easier.
Electronically Signed Reports. If your auditors require a guarantee that the SoD Analysis Reports you have generated have not been tampered with, it is now possible to have Access Analyzer electronically sign the Business Process Conflicts Report. If there are any changes to the file, the electronic signature is removed.
Mitigating Controls Bulk Import and Visibility. It is now possible to bulk import mitigating controls along with rulebooks via the Bulk Rulebook Import feature. In addition, full details of any mitigating controls are now included in all relevant reports. This includes the User Conflict Matrix and Business Process Conflict screen for conflict hits.
Client Account Locking. To support consulting firms using Access Analyzer, it is now possible to mark an account as locked. In the locked state it is not possible to delete Extracts, Analyses or Reports that have been created. The feature is intended to support cases where a company is legally obligated to retain all files.
Security Analysis Log. For Security Analyses, a log is now generated as the analysis progresses, which becomes available in the analysis result file. This allows you to check exactly what happened in the analysis and will include details such as excluded users, roles and overflow profiles.
Security Analysis Data Available for Bespoke Reporting. Security Analyses are now saved in the form of an SQLite Database. This makes the low level information available for review and it also makes it possible to integrate the analysis into bespoke reporting systems.
Rules and Rulebooks One-To-Many, Rulebook Track Changes
The same rule can now co-exist in multiple rulebooks. This allows the user to create specialized rulebooks when they want to focus on specific types of risk and use the same rules in a more general Rulebook while maintaining the rule owners and mitigating controls.
Additionally, it is now possible to see who changed anything in a rulebook, including when it was created and when it was changed.
Multiple Connectors Associated to a Single SAP Instance
A challenge that we saw with the association of SAP data to Agents and Connectors was that if the Agent host was changed or the Connector name was changed, the association to SAP would change. Now it’s possible to have multiple connectors associated with a single SAP instance and the data will always represent the same SAP Environment, regardless of the Connector that was used to get the data. This also allows us to load-balance Agents for availability so that it is now possible for there to be multiple Agents and connectors providing access to a single SAP Environment.
In addition, the GUI has been enhanced to allow a user to select the SAP Instance once and use that same SAP Instance for all screens that are accessed.