This article describes the steps to install, configure and test the Centrify Reports feature included with Centrify Suite 2016. You will find this article useful if you're looking to accomplish the following goals:
- Increase the speed of Access and Privilege related reports
- Provide information to your Security or Audit counterparts for Access or Attestation purposes
- Automate Attestation report generation and delivery
- Provide a data source for custom report generation.
Disclaimer: This post is not a best practice, it's simply to aid you to study and test the feature before your consider it for production scenarios.
What is the Centrify Reports feature designed for?
It's designed to overcome the limitations of existing report generation via LDAP (speed), provide flexibility (SSRS or Bring your Own Reporting), and increase productivity (automate report generation and distribution).
Can you describe an example?
The typical scenario is that depending on your risk or regulatory profile you need to provide user entitlements (who has access to a server or collection of servers in a Centrify zone and what can they do with Privilege using DirectAuthorize). For example:
- Who has access to UNIX/Linux or Windows Server? What privileges do they have (dzdo/dzwin)? What AD object grants access?
- Who can access this collection of systems? What privileges do they have (dzdo/dzwin)?
These entitlement reports, are used typically in attestation exercises. Attestation may be done manually (you get together an ratify that these are the proper people that should have access) or automatically using a Security Governance tool (at that point, a feed is inserted to the tool).Read more...