Documentation Index

Fetch the complete documentation index at: https://docs.staedean.com/llms.txt

Use this file to discover all available pages before exploring further.

Analyze security configuration history

Prev Next

In the Security and Compliance Studio, you can audit the security configuration in several ways:

  • Global security history - Shows all security configuration change events on all users, all security roles, duties, privileges, segregation of duties, stand-ins, and across all legal entities.

  • User security history - Shows all security configuration change events on the selected user across all legal entities.

  • Role security history - Shows all security configuration change events on the selected role across all legal entities.

Events done on the security configuration are logged in the security history. You can analyze these changes to the security configuration. The following table lists each security configuration element and its related logged events:

Security configuration element

Event logged

Azure AD group

  • Created

  • Deleted

  • Modified

Audit log

  • Cleanup executed

  • Initialized

Duty

  • Access to sensitive data given

  • Access to sensitive data undone

  • Created

  • Deleted

  • Modified

Dynamic snapshot

  • Auto-updated

  • Created

Entry point

  • Access to sensitive data given

  • Access to sensitive data undone

  • Created

  • Deleted

  • Modified

Form control permission

  • Modified

Objects

  • Published

Privilege

  • Access to sensitive data given

  • Access to sensitive data undone

  • Created

  • Deleted

  • Modified

Role

  • Access to sensitive data given

  • Access to sensitive data undone

  • Activated

  • Assigned (with and without date range)

  • Assigned dynamically

  • Created

  • Deleted

  • Inactivated

  • Locked

  • Merged

  • Modified (with and without date range)

  • Removed

  • Removed dynamically

  • Unlocked

  • Expired (due to date range)

  • Temporary access granted or extended by workflow

Security configuration

  • Exported

  • Imported

Security explorer

  • Used

Security request

  • Approved

  • Created

  • Rejected

Sensitive data setup

  • Exported

  • Imported

Snapshot

  • Compared

SoD rule

  • Created

  • Deleted

  • Modified

  • Validated

SoD conflict validation override

  • Allowed

  • Denied

Stand-in role

  • Assigned

  • Removed

Stand-in rule

  • Applied

  • Conflict

  • Created

  • Deleted

User

  • Access to sensitive data given

  • Access to sensitive data undone

  • Created

  • Deleted

  • Disabled

  • Enabled

  • Disabled via security request

  • Enabled via security request

  • Modified

Steps

  1. Click Security audit.

  2. Sub-task: Analyze global security history.

    1. On the Security history tab, analyze all events that are logged on the security configuration.

    2. You can analyze the security history details for all events that are logged on the security configuration.

      Click More.

    3. You can view the detailed security history information for a security history record.

      On the Security history page, in the upper section, in the list, find and select the desired record. Analyze the information in the Details section.

    4. Close the page.

    5. An event as logged in the security history, can result from a security request. Once approved, a security request is implemented automatically. This results in a change event on the security configuration.

      If an event results from a security request, the related security request is shown in the Security request reference field. You can view the related security request history.

      On the Security history tab, in the list, find and select the desired security-request-related event.

    6. Click Open security request history.

    7. Close the page.

  3. Sub-task: Analyze role security history.

    1. Click the Role history tab.

    2. On the upper pane, all available security roles are shown.

    3. In the list, find and select the desired record.

    4. On the lower pane, analyze all events that are logged on the security configuration of the selected role.

  4. Sub-task: Analyze user security history.

    1. Click the User history tab.

    2. On the upper pane, all available users are shown.

    3. In the list, find and select the desired record.

    4. On the lower pane, analyze all events that are logged on the security configuration of the selected user.

Notes

You can analyze the changes made to the security configuration of a specific user and/or role during a specific time period. To do so, on the Security audit workspace, in the Links section, click Security user log. Use the Date range, User ID, and Roles fields to filter the logged security changes. Click Collect and refresh data to apply the defined filters.