In the Security and Compliance Studio, you can audit the security configuration in several ways:
Global security history - Shows all security configuration change events for all users, security roles, duties, privileges, segregation of duties, and stand-ins, across all legal entities.
User security history - Shows all security configuration change events on the selected user across all legal entities.
Role security history - Shows all security configuration change events on the selected role across all legal entities.
Events done on the security configuration are logged in the security history, so you can analyze the changes to the security configuration. These events are logged:
AAD group created
AAD group deleted
Audit log initialized
Duty access to sensitive data given
Duty access to sensitive data undone
Duty created
Duty deleted
Duty modified
Entry point access to sensitive data given
Entry point access to sensitive data undone
Entry point created
Entry point deleted
Entry point modified
Objects published
Privilege access to sensitive data given
Privilege access to sensitive data undone
Privilege created
Privilege deleted
Privilege modified
Role access to sensitive data given
Role access to sensitive data undone
Role activated
Role assigned
Role assigned dynamically
Role created
Role deleted
Role inactivated
Role locked
Role merged
Role modified
Role removed
Role removed dynamically
Role unlocked
Security configuration exported
Security configuration imported
SoD conflict allowed
SoD conflict denied
SoD rule created
SoD rule deleted
SoD rule modified
SoD rules validated
Stand-in role assigned
Stand-in role removed
Stand-in rule conflict
Stand-in rule created
Stand-in rule deleted
Stand-in rules applied
User access to sensitive data given
User access to sensitive data undone
User created
User deleted
User disabled
User enabled
User modified
Steps
Click Security audit.
Sub-task: Analyze global security history.
On the Security history tab, analyze all events that are logged on the security configuration.
You can analyze the security history details for all events that are logged on the security configuration.
Click More.
You can view the detailed security history information for a security history record.
On the Security history page, in the upper section, in the list, find and select the desired record. Analyze the information in the Details section.
Close the page.
An event logged in the security history can result from a security request. Once approved, a security request is implemented automatically. This results in a change event on the security configuration.
If an event results from a security request, the related security request is shown in the Security request reference field. You can view the related security request history.
On the Security history tab, in the list, find and select the desired security-request-related event.
Click Open security request history.
Close the page.
Sub-task: Analyze role security history.
Click the Role history tab.
On the upper pane, all available security roles are shown.
In the list, find and select the desired record.
On the lower pane, analyze all events that are logged on the security configuration of the selected role.
Sub-task: Analyze user security history.
Click the User history tab.
On the upper pane, all available users are shown.
In the list, find and select the desired record.
On the lower pane, analyze all events that are logged on the security configuration of the selected user.
Notes
You can analyze the changes made to the security configuration of a specific user and/or role during a specific time period. To do so, on the Security audit workspace, in the Links section, click Security user log. Use the Date range, User ID, and Roles fields to filter the logged security changes. Click Collect and refresh data to apply the defined filters.