Extracting and Reviewing Usage Data
Access Risk Management extracts data of the Requestor's actions when they had elevated permissions. This data is used to generate a report Reviewers can use to whether they should accept or contest the usage.
Extracting Usage Data
Access Risk Management extracts utilization data and change logs from the connected ERP system. Utilization data tracks the actions executed, even if they were not completed or did not change the database. Change log data shows database creation, updates, and deletions.
Once data collection for both utilization and change logs is successful, Reviewers will receive an email notifying them to begin their review. All Reviewers are notified, but the decision is made by the first Reviewer to complete the review.
You can opt out of collecting change log data by selecting the Change Document Opt-Out checkbox in your configured SAP system. Please consult with SailPoint Support before making this change.
To ensure accurate utilization data, include all application servers on the agent configuration settings.
Resolving Usage Data Collection Errors
If there is an error collecting usage data, the requests will be marked in red on the Data Collection tab of the EAM Dashboard. You can change your view to display only requests with errors. Select the Request Snapshot icon to view request details.
Reviewers, Owners, Attestors, and Administrators can expand the Actions dropdown menu next to the request and select Restart Data Collection to try the process again. If data collection fails repeatedly, contact your ERP system administrators and Access Risk Management agent configuration owners to identify the cause.
Attesting Blank Extracts
When a successful utilization extract contains zero line items, the request is flagged as faulted and the configured EAM profile Attestors are notified by email. This serves as an additional control to prevent Reviewers from performing a review of an inappropriately blank utilization extract.
Attestors will certify that access was not used by the Requestor and that the extract is appropriately blank on the Active tab of the EAM Dashboard by expanding the Actions menu next to the request and selecting Attest Blank Extract.
If a Requestor did use the access, the Attestor should work with an Access Risk Management administrator or SailPoint Support to troubleshoot why the extract was blank.
Reviewing Usage Data
When Access Risk Management has successfully collected data on how access was used, Reviewers will receive an email notification to begin their review. Reviewers will use the Reviewer Dashboard to view the Requestor's actions, leave comments, and decide to Accept or Contest the usage.
Reviewers can access the Reviewer Dashboard by selecting View Request in the review email notification or selecting the Review tab in the EAM Dashboard, expanding the Actions menu next to the request, and selecting Perform Review.
The Reviewer Dashboard displays the review state as well the Request Details and Change Details, which include information about the request and actions taken.
Viewing Request Details
The Request Details tab in the Reviewer Dashboard displays metadata about the request and usage reports, key events, and a table of the Requestor's actions.
Request Metadata includes the Access Profile, intention, reason for the request, and the duration and type of entitlements granted to the Requestor.
Report Metadata is information about the report provided to the Reviewer, such as the counts of Utilization Data and Change Logs, as well as the times the report generation began and completed.
Key Events is a list of the request's key events, such as when it was created and approved, and when the entitlements were provisioned and deprovisioned.
Actions Table displays information on all actions the Requestor took during the period of elevated access, including if it was sensitive, non-sensitive, elevated, or standard.
You can select the filter icon in a column header to filter using the selected parameters.
Viewing Change Details
The Change Details tab on the Reviewer Dashboard displays a list and details of the available records of actions, such as the:
Change Number and Indicator
Document Type and ID
Names and descriptions of Transactions, Fields, and Tables
Accepting Access Usage
If the Reviewer confirms the Requestor used the elevated permissions appropriately, they will select Accept in the Reviewer Dashboard. They can choose to enter a comment before selecting Confirm to finalize the review. The request will display on the Completed tab of the EAM Dashboard with a disposition of Closed as Accepted.
All participants of the request can view the review report by expanding the Actions dropdown menu next to the request and selecting Open Review.
Contesting Access Usage
If the usage was not appropriate or the Reviewer would like clarification from the Requestor, they will select Contest in the Reviewer Dashboard and enter their reasoning. This explanation is sent to the Requestor in the email notifying them their request was contested and they must provide a formal response.
The Requestor will write a comment to clarify the actions and retain documentation for auditors. Reviewers and Requestors are notified of responses, and all users configured on the EAM profile can read and submit comments on contested requests.
Once the Reviewer is satisfied or the process is otherwise completed, they will select Close and choose Close as Accepted or Close as Contested to finalize and close the review.
Closed reviews are displayed on the Completed tab of the EAM Dashboard. All participants of the request can view the review report by expanding the Actions dropdown menu next to the request and selecting Open Review.