Browse Prior Art Database

Employee Application Access Verification Tool

IP.com Disclosure Number: IPCOM000011890D
Original Publication Date: 2003-Mar-21
Included in the Prior Art Database: 2003-Mar-21
Document File: 3 page(s) / 383K

Publishing Venue

IBM

Abstract

Problem: Application security is a major corporate concern resulting in the need for security compliance procedures. These procedures generally include validation of userids as well as application access. Security verification and audits, in many companies, are performed on a regular basis (Monthly, Quarterly, Yearly, etc.). Application owners of Lotus Notes* access controlled databases should perform validations to verify application access, to assist in determining each users business need to continue to access a controlled application and to confirm that each user is still an employee of the company.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 3

Employee Application Access Verification Tool

Application Access/Business Need: To verify application access, database owners must pull all the names from their Lotus Notes Access Control List (ACL) groups into a distribution list. The application owner can then use this distribution list to send a memo asking the users (or their managers) whether or not they require access to specific databases. Based on their responses, the database owners will determine whether or not to remove their names from the ACL groups. Creation of the distribution lists from many ACL groups is a large manual effort. Often a user is contained in multiple groups, so the process becomes even more tedious because you have to remove the duplicate entries.

Validation of a Lotus Notes Userid against the Corporate Employee Directory: For each application, each and every userid listed in all the ACL groups associated with that application should be compared to the Corporate Employee Directory to ensure that the Lotus Notes userid is associated with an active employee. Invalid userids must be removed from the groups. The process becomes more complicated when groups are nested within other groups. Performing this via a manual process, especially for systems with a significant number of groups and entries, is a massive undertaking.

Advantages of using the invention:

The purpose of this tool is to provide automation to the corporate security validation tasks. By automating the verification of Lotus Notes Userids with the Corporate Employee Directory, the validation tasks for corporate security compliance becomes a trivial task. By pressing a button in the tool, the database owners can select the ACL Groups that they wish to verify and are provided with a report of those employees that are inthe Corporate Employee Directory and those that are not. This employee list can be exported to a spreadsheet and is easily transferable to a distribution list for sending out the memos required for the application access validation process.

The invention team created a tool that looks at ACL groups, pulls the Notes Userids from those groups, compares them to the Corporate Employee Directory and returns the results.

The invention team created a Lotus Notes...