How does VigilEnt Policy Center address deleted users and groups? (NETIQKB56308)

  • 7756308
  • 02-Feb-2007
  • 09-Sep-2008

Environment

NetIQ VigilEnt PolicyCenter 5.x

Situation

How does VigilEnt Policy Center address deleted users and groups?

Resolution

For the purposes of Compliance Reporting, deleted users are users who have complied with a policy or completed a quiz but are no longer in the object's access control list (ACL), or who were removed from the repository itself.

Deleted or retired users and groups cannot:

  • Log on to the Administration Site or the User Site.

  • Appear for searching in any area within VPC including the User tab, Group tab, Role tab, creating ACLs, or incident administrator user searches.

  • Be applied to new policy documents, quizzes, or reports after you delete or retire the user or group.

New to VPC 5.0, users and groups deleted from a valid repository are automatically removed from ACLs. In previous versions of VPC, administrators had to manually remove the deleted users and groups from the ACLs.

Once you delete or retire a user or group, VPC includes a .retired extension whenever it displays the object name. For example, Smith, John smithj.retired@repositoryname, dept. VPC displays username.retired when you run a Compliance report and select the Show All Compliant Users option on the Scope page. Reports created before you retired the user continue to show the user name without the .retired extension.

Reporting

VPC 5.0 changes the wording and availability of the Include deleted users option within reporting to more accurately reflect the historic definition of this term. Historically, including deleted users in Compliance reports required VPC to review the database table and retrieve information for any user with an existing compliance record. VPC then presented a combination of compliant users from the policy's ACL and any additional record of compliance that existed in the database for the specified policy ID.

The updated process and presentation retain the same functionality with the following modifications:

  • Changed the language on the Scope page to read Show All Compliant Users.

  • Changed the query to return every record of compliance stored in the database for the given object ID, thereby making the same process run more efficiently.

  • Restricted this feature to the reports that most effectively display this valuable information: Policy Compliance and Quiz Compliance Reports.

NOTE: Future versions of VPC introduce the use of this feature in various other reports such as the Single User Summary Report.

Additional Information

Formerly known as NETIQKB56308