The norm feature in the CSI Authorization Auditor provides an extensive answer to the question
'Should a user (not) be able to perform a particular functionality?'
The answer is expressed by setting normative information for each user per functionality per variant. The norm codes mentioned below are default and can not be remove nor modified.
R: User should be able to perform functionality (YES) without monitoring. The functionality is part of his day-to-day job.
A: User can perform functionality (YES), but requires monitoring through detective controls. These users are mostly backup users.
N: User should not perform functionality (NO).
U: User norm information currently unknown (NO).
T: User norm information to be defined (NO).
Z: Default norm code applied on converted users' results in Result Container created with CSI Authorization Auditor releases 7.2.x.x or earlier.
Note: All these features are applicable to user groups as well. So remember that normative settings can be applied to individual users or entire user groups.
CSI tools BVBA © 2012 - All Rights Reserved