Example: Visualization of Permission Assignment to Identities
The graphic shows the roles and permissions assigned to a selected identity. The color coding indicates the different types of assignments. Similarly, it is also possible to display all identities to which a selected permission has been assigned.
Example: Informative Matrix Representation of Permission Assignments
One of several options for role creation: The assignments of permissions to identities are shown in a matrix. Common assignments can be visually identified. By selecting them accordingly, roles are created and displayed directly.
Example: Ad-hoc Reporting for Compliance Violations
This list shows the detected compliance violations for the selected identity or identities. In the example, the two roles “System Architecture” and “SAP Administration” form a critical combination for the identity Daniel. Additionally, this identity has access to “System J”, which also violates a compliance rule.
Example: Maintenance Function for Identifying Similar Roles
This list highlights similarities between roles based on their assigned permissions. A match of approximately 100% indicates that roles could potentially be merged.
Example: Visualization of Permission Assignments to Users
The graphic shows the permissions assigned to a selected identity. The color coding indicates the different types of assignments (direct or inherited). Similarly, all users to whom a selected permission is assigned can be displayed.
Example: Listing of NTFS Access Permissions
This graphic lists NTFS access permissions. It shows which employee has access to which directory via which Active Directory group. Direct accesses without an AD group are highlighted in red.
Example: Comparison of Users Based on Their Assigned Permissions
This list compares a selected group of users with regard to their assigned permissions.
Example: Ad-hoc Report Generation for Compliance Violations
This list identifies violations of existing compliance requirements. In the example, these include: “Employees from the OT business unit must not have access to Application D” and “Exclusion of the combination of access permissions for drive G:\ and Elan-Test,” each with different levels of criticality.
