Taskboards - Access Requests
The Access Requests page (System Configuration > Taskboards > Access Requests) allows you to define Permission Assist settings that affect the Change Management taskboard. You can also define corrective control policies for access requests. Settings in this area affect all access requests in all reviews and personnel events.
Settings Tab
This area allows you to determine which options are available within the Remediation/Change Management Taskboard.
Changing these options may affect access requests that were initiated within a currently open review.
Friendly Reminder: When you've finished making changes, select the Save button. If you forget to save your changes before leaving this page, your changes will be lost.
Actions |
|
---|---|
Option |
Description |
View Risk Ratings |
Allows you to determine whether reviewers are able to see the risk ratings assigned to each privilege. By default, this field is set to "Nobody" meaning risk ratings will not be displayed to anyone. To change this setting:
|
Can Act on Own Access Requests |
Allows you to determine whether reviewers are able to take action on access requests associated with their own privileges. By default, this field is set to "Everyone" meaning everyone will be able to take action on access requests associated with their own privileges. To change who can take action on requests relating to their own permissions:
Anyone who is restricted from reviewing their own permissions will see the approval restriction message displayed in the Review Buttons area of the Remediations/Change Management Taskboard (see picture below).
|
Always show a warning message even if the user can act |
This option works in conjunction with the Can Approve Own Access Requests option. When this option is selected, anyone who is allowed to take action on access requests related to their own permissions will see the following warning message displayed in the Review Buttons area of the Remediations/Change Management Taskboard (see picture below).
Selecting the I understand and wish to continue link at the bottom of this message allows the Provision Engineer to continue reviewing their own permissions and take action as needed. |
Notifications |
|
---|---|
Option |
Description |
Send an email alert when an access request is created |
Select this option if you want to enable automatic email notifications for the Provision Team. If selected, email notifications will be sent to the email address in the Default Access Request Email field when an access request is created. SMTP settings must be defined and enabled within the System Configuration > General Settings > Email tab in order for Permission Assist to send notifications. NOTE: Whether this option is selected or not, Permission Assist sends additional notifications to the appropriate person/people when an access request is approved, assigned, cancelled, completed, reopened, or resolved. |
Default Access Request email |
When the "Send an email alert when an access request is created" option is selected, use this field to specify the email address to which access request notifications are sent by default. This setting can be overridden at the application level (Manage > Applications > selected an application > Application Details page > Responsibilities tab > Remediation Alert Email) |
Add an attachment detailing the access request |
Select this option if you want to send detailed remediation information within the email notifications that get sent to Provision Engineers. This can be helpful if you're sending remediation notifications to an internal help desk team that doesn't have access to Permission Assist. When selected, this option will attach a detailed report of the remediation access request to the email notification (see sample below). |
Workflow Tab
The Workflow tab allows you to define the corrective control policies for access requests. This is helpful when you have policies within your organization that require approval for changes in certain situations. These are just a few examples of when you may want to set up corrective control policies:
-
You want to ensure someone approves an access request before it gets sent to the Provision Team
-
You want to ensure someone verifies that access request changes were completed correctly
-
You want people within certain roles to pre-approve or verify access requests that a specified level of risk
Examples:
-
You can set up a policy that requires an application owner to pre-approve any request related to a critical application
-
You can set up a policy that requires a supervisor or department manager to approve requests that involve changes to critical permissions.
-
To create a corrective control, enter information into each field as described below:
Field |
Description |
||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Add [allowed watchers] |
Determines the type of corrective control that's being created. Select this field to select one of the following options:
|
||||||||||||
rule for [Security Team] |
Determines which role is required by the corrective control policy. Select this field to pick the role. |
||||||||||||
Add Rule link
|
When the policy is defined as you would like it to be, select the Add Rule link to add the rule below, where it can be further defined. |
||||||||||||
Allowed Watchers |
This area displays the "allowed watchers" rules/policies that have been added. Allowed watchers are able to view access requests, but they are not able to take action on requests unless they have another authority that would allow them to take action. For each required control, enter information in the following fields as needed to define requirements:
|
||||||||||||
Pre-Work Approval |
This area displays the "pre-work approval" rules/policies that have been added. For each required control, enter information into the following fields as needed to define requirements:
|
||||||||||||
Post-Work Verification |
This area displays the "post work verification" rules/policies that have been added. For each required control, enter information into the following fields as needed to define requirements:
|