14.0:documentation:modules_extras:missing_related_entity_permissions_report

Missing related entity permissions report

This feature brings report named Find missing related entity permissions. It finds all create/update user actions from past (scans audit) that those users who performed them couldn't perform with their current permissions because of missing permission on related entities.

It is available for IdM 10, 12 and 13 (and will be in future versions too) and is meant to help with identifying permission problems that could arise due to fixes of vulnerabilites through related entities manipulation.

Example:

Here you can see that user aaa did in past and cannot now perform create/update action

  • on Identity Contract because of missing SETTOCONTRACT permission on Tree Node used
  • on Contract Guarantee because of missiong UPDATE permission on Identity Contract used
  • on Role Composition because of missing UPDATE permission on Role used