on 01-26-2009 2:37 PM
All,
Is it possible for firefighters to receive (other than manually) automatically an expiration notice of their firefighter access once the validity date nears or ends?
Greg
Sorry, Greg. Jerry is using FF roles so he should be able to use AE 5.2 but AE 5.2 does not offer 'user access review functionality'. In AE 5.2, you can do role reaffirm. In CUP 5.3, you can do role and user reaffirm.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Greg,
Jerry is 100% right. There is no way for FF to send any kind of notice to Fire Fighter about the expiration of the access.
Again, Jerry has pointed a great idea. You can integrate FF with AE (CUP) and look at the reaffirm functionality.
CUP and SPM are integrated well in AC 5.3. In 5.3, you can set up 'User Access Review', which will show you all the users for which approver needs to reaffirm their access.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Greg,
We are running AE 5.2 and I am starting to test the REAFFIRM process
I'm still getting everything identified and ironed out but it appears that you can idenify an owner to a role (let's say the FF role) and have an email reminder sent when that role is scheduled for reaffirmation; you can set this time value by the month(s)
The owner would receive the reminder as well an email stating the roles that are due for reaffirmation; they would then log into AE and perform the reaffirm review and take the appropriate action for each user
hope this helps
Jerry Synoga
Ryerson,Inc.
Greg,
Not too sure that AE 5.2 would help here since you are more concerned on the USERID rather than the role
Here is a thought; I have all of our FF ids defined with the leading characters FF followed by the user id of the person it is assigned to; I also assign the role,Z_VFAT_FIREFIGHTER to the user to allow them access to FF; this role can have expiration dates which will allow AE to get involved; even if it did not, the reaffirm would help in reviewing who has FF access; normally you would probably assign an epxiration date to the FF id; I do this for those that require temporary access
In transaction SUIM, you can run a report for User>Users by Complex Selection Criteria and select the FF ids and add a date to the "valid until" field under Additional Selection Criteria; this report will show all ids that are valid through that date, including those already expired
I know this relates to a manual process done at a regualr time but perhaps you can have someone program this process and schedule the job to run lets say weekly (Sunday) and identify "valid through" the next Sunday; this report can then be sent to the person that would review it and take appropriate action
I'm not a programmer so I don't know what would be involved but it sounds like it may be an option for you
Jerry Synoga
Ryerson,Inc.
Hi Greg,
We use FF for our systems support group and I reviewed the reports and there is nothing I know about that would automatically inform users of their FF ID expiring. Other than running a report in SUIM that would show the FF ids and their validity date, I am not sure of anything else. This of course would relate to some manual functions, not something automated.
Pehaps others are more versed on this subject
Something I am starting to look into is using Access Enforcer to identify roles that require reaffirmation.
I will be using this for our FF roles; since we assign the roles and FF ids for an indefinite period of time, this will allow us to review the FF roles with the respective managers for confirmation that the users still require FF access. It does not relate to identifying when the access will expire but will allow us to confirm they are still valid
I know this is somewhat different from what you are asking but perhaps another approach
Jerry Synoga
Ryerson,Inc.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.