Dataset for SOX Security Audit
Hello,
We would like a dataset giving visibility into the users, groups, pages, cards, and datasets for SOX auditing.
I need to show which users have access to each dataset. It would be useful to have a dataset that shows users that are members to each group, page and cards that those users and groups have access to, and which dataset each card is built off of. Today the best I can do is take hundreds of screenshots to satisfy our audit.
Thanks!
Comments
-
This is a great idea for SOX auditing. Taking screen shots for hundreds of people is NOT an ideal experience.
0 -
Thank you for submitting this idea @BABWMajorDOMO. I am assigning to our product manager @alexpeay for review.
0 -
Alex Peay
Product Manager
Domo0 -
@BABWMajorDOMO would the audit need to know which cards a user has access to or is it more about the underlying DataSet?
We can look into the card aspects but I know with SOX they they are very explicit and I want to make sure we focus down on the area where we can make the biggest imapact. My operating assumption is that the card being a vizualization of the data will end up meaning that the key access to be controlled is the data, is that a correct assumption?
Alex Peay
Product Manager
Domo0 -
@alexpeay Hi Alex, thanks for the follow up.
You're correct that the control would be the data itself. So we will be responsible for categorizing what type of data is within each dataset on our end, although having the dataset description would be useful in this audit dataset.
The ultimate goal is to be able to prove which user has access to what types of data, and when access for that user was added or removed. For DOMO, I envision this as a dataset with Group->User->Page->Card->Dataset (including dataset descr)->Date->AccessType (add/remove). To cover all bases, it might be good to have the descriptions of each card as well since that would add more context to what type of data is being made available to the user.
If you can think of an elegant way to add in the PDP or Publication Group filters for that user, I'm sure that would be of great use as well!
0 -
@BABWMajorDOMO Thanks for the additional information. When it comes to SOX access audits are you also need to know not just who has access today but who has had access before.
So for example if John had access for the month of April, but his access was removed on April 30 and the audit happens on May 30, you need to report that John had access in April even though he does not have access today. Is that correct?
Alex Peay
Product Manager
Domo0 -
Yes, I would need to know who had access in the past as well. A current snapshot would not be enough (although it would be better than nothing).
Our auditors are asking for all users that were granted access during a quarter, as well as those who had access removed during that quarter.
0 -
0
Categories
- 10.8K All Categories
- 3 Private Company Board
- 1 APAC User Group
- 12 Welcome
- 39 Domo News
- 9.7K Using Domo
- 1.9K Dataflows
- 2.5K Card Building
- 2.2K Ideas Exchange
- 1.2K Connectors
- 343 Workbench
- 260 Domo Best Practices
- 11 Domo Certification
- 465 Domo Developer
- 50 Domo Everywhere
- 106 Apps
- 717 New to Domo
- 85 Dojo
- Domopalooza
- 1.1K 日本支部
- 4 道場-日本支部へようこそ
- 27 お知らせ
- 64 Kowaza
- 299 仲間に相談
- 654 ひらめき共有