Banking
2 Certified Professionals
80 Hours
In the current client scenario, applications are being deleted without permission, and the log shows that the Administrator is being used to do so. The client required the prohibition of users with administrator rights from removing items from SailPointIIQ. On the other hand, the preceding workflow needed users with admin privileges. Since the client also wanted to make sure that the developers can access and use the delete functionality for some of the specific tasks.
Challenge
- The challenge was to create multiple debug pages, without modifying any options or permissions. Removing the delete option from the debug page from users with admin privilege was not an option because it was difficult for the developers team to do their job.
- But at the same time all the tools’ features were to be kept intact while merely removing the delete option from one debug page UI and creating another debug page with full functionality.
Solution
- The primary goal was to create two debug pages (Read-only and Delete), one for the users with administrative privileges, who would not have the delete option, and the other for a group of selected users who actually needed the delete functionality.
- The team removed the delete option from the Debug page of their on-premise SailPoint IIQ interface by customising several java files and elements within them.
- Completely removing the delete option from the debug page user interface allowed the team to prevent users with administrator privileges from deleting object files from the debug page.
- After creating a second debug page with delete functionality, we added an authentication mechanism to act as an extra layer of security that will restrict access to only certain users
Result
- This solution prevented unauthorised users from deleting objects stored in the database.
- Any objects, like applications, rules, and identities, can be deleted only by specific users (developers).
- Even if a user has admin privilege, he still needs to be part of the restricted group to use the second debug page.
- As a result, the changes were reflected in the new environment efficiently and without any hindrance or downtime.
- Due to the professional’s efficient approach, the project was finished on schedule and met the client’s goal.
How SecurDI can help
Since IdentityIQ offers several customization options, we, with our certified professionals at SecurDI, help organisations deliver dependable and comprehensive solutions aligning their complex business objectives. Added to that, all our solutions are tested and incorporate best practices. At SecurDI, a constant goal in every one of our projects is to make the interaction effective and your investments worthwhile.