ForestSafe has been running at the organisation for months. One day you get an email from the directors.
“A recent security audit found that financial data held on several AIX computers, which are managed by George Busan, require an additional approval layer of security. Any access by him to these computers should first be approved by Susan Scotland in the finance department.
In addition the auditors discovered many confidential documents were found on public data shares, and this meant they were failing to comply with their ISO27001 audit. They ordered that all these documents be stored digitally and centrally and erased from all data shares.
George Busan will be in charge of importing the documents, but is not allowed to export them. Only the finance team can export them, but they have to seek approval for all exports by the security team.”
This can easily be configured in ForestSafe Express. We will create 4 new ForestSafe-enabled Active Directory groups and modify the General Support group we created earlier. The following table shows the desired structure.
| Group name | Members | ForestSafe configured functions |
|---|---|---|
| General Support | George Busan | Remote Terminal sessions to Windows and UNIX*; Import of documents |
| General Support Request | George Busan | Requested Remote Terminal sessions to AIX |
| General Support Approval | Susan Scotland | Approve/Deny requests by General Support Request |
| Finance Document Request | Finance team members | Request export of documents |
| Finance Document Approval | Security team members | Approve/Deny requests by Finance Document Request |

*Configured earlier
Let us get started:
1. Using the End Users Panel, create 4 new Active Directory groups and Promote them:
- General Support Request
- General Support Approval
- Finance Document Request
- Finance Document Approval
2. Add a new Host Container (FAC)
- Container Name: General Support Request
- Content Type: HOSTNAME
- Content: AIXFIN* (The financial servers are named AIXFINCXXXX.)
3. Edit the General Support Request group
- Join George Busan to this group
- Set the FAC to the General Support Request FAC
- Set a UNIX privileged session to launch as myUNIXaccount
- Set the Approval group to General Support Approval
4. Edit the General Support Approval group
- Join Susan Scotland to this group
// George will be presented with a choice of 2 groups on login:
// General Support and the new group, General Support Request.
// Next up is to configure the document management.
// In ForestSafe, documents are known as Binary Large Objects (BLOBs).
5. Edit the General Support group, of which George is the sole member.
- On the Functions tab, check the BLOB import field and save.
// George now has rights to import the documents.
6. Edit the Finance Document Request group
- Join the Finance team members to this group
- On the Functions tab, check the BLOB export field
- Set the BLOB export Approval group to the Finance Document Approval group
7. Edit the Finance Document Approval group
- Join the Security Team members to this group
Finally, configure your approval E-Mail alerts, as covered in the Installation section. This keeps staff alerted by E-Mail at both the request and the approval stage.
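
Once the groups are in place, it is worth checking that the structure still meets the audit requirements whenever membership changes. The following added example is not part of ForestSafe or of the original page: it models the table above as a Python dictionary and reports any separation-of-duties violation. The field names, the finance and security member names, the sample hostnames and the single `approval` field (standing in for both the session Approval group and the BLOB export Approval group) are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase

# Constructed model of the table on this page. Field names, the finance and
# security member names and the sample hostnames are assumptions.
GROUPS = {
    "General Support": {"members": {"George Busan"},
                        "functions": {"terminal", "blob_import"}},
    "General Support Request": {"members": {"George Busan"}, "functions": {"terminal"},
                                "fac": "AIXFIN*", "approval": "General Support Approval"},
    "General Support Approval": {"members": {"Susan Scotland"}, "functions": set()},
    "Finance Document Request": {"members": {"finance-user-1", "finance-user-2"},
                                 "functions": {"blob_export"},
                                 "approval": "Finance Document Approval"},
    "Finance Document Approval": {"members": {"security-user-1"}, "functions": set()},
}

def approval_group_for(hostname, groups=GROUPS):
    """Return the approval group guarding a host, or None if no FAC matches."""
    for g in groups.values():
        if "fac" in g and fnmatchcase(hostname.upper(), g["fac"]):
            return g.get("approval")
    return None

def holders(groups, function):
    """All users who hold a function through any group."""
    return set().union(*(g["members"] for g in groups.values()
                         if function in g["functions"]))

def audit(groups=GROUPS):
    """Return a list of findings; an empty list means the audit rules hold."""
    findings = []
    for name, g in groups.items():
        approvers = groups.get(g.get("approval"), {}).get("members", set())
        if "approval" in g and not approvers:
            findings.append(f"{name}: approval group missing or empty")
        for user in sorted(g["members"] & approvers):
            findings.append(f"{name}: {user} can approve their own request")
        if "blob_export" in g["functions"] and "approval" not in g:
            findings.append(f"{name}: document export without approval")
    both = holders(groups, "blob_import") & holders(groups, "blob_export")
    for user in sorted(both):
        findings.append(f"{user}: holds both document import and export")
    return findings

if __name__ == "__main__":
    print(audit() or "no findings")
    print(approval_group_for("AIXFINC0001"))
```
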