I am new to GRC and need to generate a report that shows when the last time an EBS access point was last acccessed. This needs to be a comprehensive report that shows all critical access points, such as all AP access points. Then we will seek user's manager to confirm the removal of access since the access point was last accessed six months ago.
Any input provided is appreciated.
Also, where can I get a download of GRC AACG/TCG templates?
Have a look at the user guide for AACG - http://docs.oracle.com/cd/E25137_01/fusionapps.863/e24372.pdf
There are several reports (6-1) and these reports can be extracted as csv format for you to do further analysis. I'm not sure if you'll get everything you ant from 1 report. In that case AACG data can be setup to export analytics into another schema where you can have BI Publisher use that as a datasource to do further customized reports.
It sounds like Oracle Consulting Services (OCS) may have a solution that can work for you, it utilizes Oracle Preventive Controls Governor (PCG) and reports on users and their access. The solution is an access review module that keeps track of who approved or rejected a users particular repsonsibility, etc.
I'm not sure what templates you're looking for? Are you referring to the seeded content that define the controls/violations?
Thanks Yasir. I apologize for not being clear in my original question.
Since AACG provide details for SOD conflicts between two access points for a user. We would like to determine which of these access points are false positives or are unncessary access points for a single user by analyzing when the user last utilized an access point. Thus we can then determine by last accessed date which access points are false positives or are extranous access points for the user.
Is there a way I can see this report in GRC? I don't believe the seeded reports can give me this information.
I don't believe this information is available seeded. What you may want to do is open SR and see if the last accessed date is captured when AACG synchronizes with the ERP. If so, then you would want to try the data analytics schema and create your own report using BI Publisher and the GRCC analytics schema.
AACG don't currently have the last access point report, why will you want to go by the approach and why will you trae this as false positives?
In my opinion, once you have defined your rules meaning SOD policies and you have identified violations first step is to ensure that they are true violations to approach this, i will eliminate all inquiry and true false positives via global and path conditions.
The next step is to focus on the intra role (design) related issues and also address inter role issues the next step is to either approve violations with strong mitigating control in place. In all, I will get the process owners involve to ensure the functionality (access point are needed in that responsibility/role).
You can also leverage TCG to develop special reports that will help you in your analysis such as dormant users, you can also leverage TCG to some extent to help but with your requirement....