In the Security and compliance studio, you can audit the security configuration in several ways:
  • Global security history - Shows all security configuration change events on all users, all security roles, duties, privileges, segregation of duties, stand-ins, and across all legal entities.
  • User security history - Shows all security configuration change events on the selected user across all legal entities.
  • Role security history - Shows all security configuration change events on the selected role across all legal entities.
Change events on the security configuration are logged in the security history, so you can analyze the changes to the security configuration.
These events are logged:
  • AAD group created
  • AAD group deleted
  • Audit log initialized
  • Duty access to sensitive data given
  • Duty access to sensitive data undone
  • Duty created
  • Duty deleted
  • Duty modified
  • Entry point access to sensitive data given
  • Entry point access to sensitive data undone
  • Entry point created
  • Entry point deleted
  • Entry point modified
  • Objects published
  • Privilege access to sensitive data given
  • Privilege access to sensitive data undone
  • Privilege created
  • Privilege deleted
  • Privilege modified
  • Role access to sensitive data given
  • Role access to sensitive data undone
  • Role activated
  • Role assigned
  • Role assigned dynamically
  • Role created
  • Role deleted
  • Role inactivated
  • Role locked
  • Role merged
  • Role modified
  • Role removed
  • Role removed dynamically
  • Role unlocked
  • Security configuration exported
  • Security configuration imported
  • SoD conflict allowed
  • SoD conflict denied
  • SoD rule created
  • SoD rule deleted
  • SoD rule modified
  • SoD rules validated
  • Stand-in role assigned
  • Stand-in role removed
  • Stand-in rule conflict
  • Stand-in rule created
  • Stand-in rule deleted
  • Stand-in rules applied
  • User access to sensitive data given
  • User access to sensitive data undone
  • User created
  • User deleted
  • User disabled
  • User enabled
  • User modified


Standard procedure

1. Click Security audit.
2. Sub-task: Analyze global security history.
  2.1 On the Security history tab, analyze all events that are logged on the security configuration.
  2.2 An event logged in the security history can result from a security request. Once approved, a security request is implemented automatically, which results in a change event on the security configuration.
  If an event results from a security request, the related security request is shown in the Security request reference field. You can view the related security request history.
  On the Security history tab, in the list, find and select the desired security-request-related event.
  2.3 Click Open security request history.
  2.4 Close the page.
3. Sub-task: Analyze role security history.
  3.1 Click the Role history tab.
  3.2 On the upper pane, all available security roles are shown.
  3.3 In the list, find and select the desired record.
  3.4 On the lower pane, analyze all events that are logged on the security configuration of the selected role.
4. Sub-task: Analyze user security history.
  4.1 Click the User history tab.
  4.2 On the upper pane, all available users are shown.
  4.3 In the list, find and select the desired record.
  4.4 On the lower pane, analyze all events that are logged on the security configuration of the selected user.

Notes

You can analyze the changes made to the security configuration of a specific user and/or role during a specific time period. To do so, on the Security audit workspace, in the Links section, click Security user log. Use the Date range, User ID, and Roles fields to filter the logged security changes. Click Collect and refresh data to apply the defined filters.
