SEE ALSO ATTCHED DOCUMENT
New and/or Adjusted Functionality
• External Access Change Request Id's are to be unique (TICKET 1739)
Added protection when creating an ACR based on an external message. In the situation the external request ID is already present, the ACR would not be created. The Acknowledgment Message will include the reason why the ACR is not created.
• Error Message while processing ACR preventive scan (TICKET 1741)
In the situation that the Employee Expiration Date value in the ACR External Message would be empty it could result in a Error message that the date format was invalid. This has been adjusted to not result in an error message in the acknowledgement message.
• ACR SOD Preventive Scan (TICKET 1753)
Added the ability to include Employee Group Data in the XML message for new Employees
• PAR - Query Builder - Not ALL Access Points are shown in the selection (TICKET 1754)
When building a PAR Scope and selecting values for the Access Point, only the Access Point Values from the Authorization were presented. This is now adjusted to show all values in the Access Point Master Data table.
• Label change Preventive Scan (TICKET 1758)
The Label “Items to be Removed”, is changed to “Items to be Removed/Changed” to reflect that in this section changes to the Access Mode of existing Authorizations are to be registered.
• DEM Access Scan – Sub-application modeling (TICKET 1748)
The child access point authorization can now also be generated based on the sub-application modeling information as imported, independent of the (imported) parent child access point relationships. This option should only be used if the DEM information is converted into the EAMS data. In the situation this option is selected, the available sub-application modeling information for a diagram/activity is used to created the child access point authorizations.
In the child option filters section a choice can be made to
1. Include Child Access Point in Scan
This is the existing functionality and the Child Access Point Authorizations are based on the Parent Child Structure; Note that the sub-application modeling information can be applied to define the Access Mode.
2. Use Sub-application modeling instead of Parent / Child Structure
This is the new option added, the Child Access Point
Authorizations are solely based on the Sub-application modeling information.
A Web-Portal Report has been added in the Enterprise Access Management Section, called: “Sub-Application by Diagram / Access Point”. This report will show per Diagram / Process for which Access Points sub-application are modeled and with which Access Mode.
The purpose of this report is to make it easy to find all
occasions where a specific sub-application has been modeled. If such
sup-application is resulting into SoD Conflicts the user will now exactly know
where to address this in the DEM model.
• New Report - Authorization’s Access Points (TICKET 1767)
Added a new Report in the Menu Section “Enterprise Access Mgmt”, called “Authorization’s Access Point”. The report includes data from the Authorization table and includes the following columns:
- Company Description
- Role Description
- Access Point
- Access Point Description
- Access Mode
- Access Mode Description
The purpose of the report it show the content of the Application Roles currently assigned to Users.
• EZ-Compliance Web-Portal - PAR - Add Department columns (TICKET 1769)
In the PAR Reviewer Pages the Employee Department Name and Description Columns are added.
• Historical User Import - Add ability to specify Date Format (TICKET 1771)
Upon importing the Historical Employee Authorizations and selecting the Baan/LN Report to import (instead of a CSV file) the date format of the to be imported report can now be selected.
The validation for the Baan/LN Reports has been enhanced to include new report headings
• Historical Employee Authorizations Import (TICKET 1794)
Upon importing a CSV file and the Minutes / Seconds fields are empty an error occurs due to these fields being empty. An additional warning message is added to inform the user of the details of the issue with the import file.
• Resolution Rule Employee Group / Authorization Employee Group (TICKET 1772)
In the Resolution Rule Scope definition the following attributes can now also be selected:
- Authorization 1 or 2 Employee Group Code (select from drop down)
- Authorization 1 or 2 Employee Group Description
• Conflict Resolution Status
Increased the number of Conflict Resolution Status as defined in the Custom Labels by 5. Added 5 Conflict Resolution Statuses (68 to 72)
• EZ-Compliance Cient – Resolution Rule
The columns Company 1 and 2 are added in the preview resolution data.
• EZ-Compliance Client - ACR Detail => Highlight Employee or Role depending on type
In the ACR Details dialogue, the Employee or Role Data is shown in bold, dependent on the ACR Type (Employee or Role). This makes it more obvious what type of ACR the detail is for.
• EZ-Compliance Web-Portal:
When creating an ACR from the Preventive Scan and the option to Change the Access Mode for existing authorizations is used, only those ACR Templates are presented, which have the Access Mode attribute activated.
• Added Authorization Employee Group to the ACR XML Message (TICKET 1778)
The Authorization Employee Group has been added as an attribute in the Employee General Section. Each resulting Authorization for the ACR will be created with the Employee Authorization Group.
• Web Portal Report: My Authorizations Reviews as Reviewer (TICKET 1779)
Improved performance of the loading of the report (TICKET 1779)
• DEM File Validation (TICKET 1789)
Enhanced the DEM file validation. Recent DEM files have a different first line and this is now taken into account.
• EZ-Compliance Client: Employees (TICKET 1805)
Added option to view grids for only Employees without Authorizations
This option helps the user to quickly identify those users which might need to be expired.
• EZ-Compliance Client: SoD Resolution Rule Scope
1) Added Save query Image link option; this option will create an image of the resolution rule scope and can be used for reporting purposes.
2) Resolved and issue when using the TAB key to move from one tab to another tab.
• ACR Preventive Scan - Removal of companies or roles are not updated correctly in the preventive scan (TICKET 1745)
Resolved an issue where in the ACR Preventive Scan Authorization Report / Excel the status of authorizations which were to be removed were not properly reflected.
• Conflict Scan - Employee Group Filter (TICKET 1747)
Resolved an issue with the Employee Group Filter in the Conflicts Scan. In the situation an Employee Group was to be excluded, this exclusion was not applied.
• ACR Preventive Scan - SOD Conflicts not calculated correctly for Baan IV servers (TICKET 1751)
Resolved an issue with the reading of the ACR Template Rule Category when executing the ACR Preventive Scan. In the situation a Conflict Rule Category was linked to the ACR Template, this Rule Category was to be used for the ACR Preventive Scan, however the loading of the Rule Category could go wrong, resulting in no Conflict being identified.
• Contextual Menu issue (TICKET 1765)
Resolved issue with the Contextual Menu in Report id=47, PAR Reviewer page with review level Access Point.
• EZ-Control Service:
Resolved issue where old preventive scan data that was flagged as "removed" or "changed" would be deleted instead cleaned
• Access Review as Reviewer Error Message (TICKET 1777)
In the situation the Reviewer would include a comma in note section of the Review and this record was opened and closed again, an error occurred. This is now resolved
• Expiration of Employee (TICKET 1780)
In the situation that an Employee was included in a PAR Cycle which was already closed, the Employee could not be Expired. This has been resolved that an Employee can be expired if listed in the closed PAR Cycle (assuming all other criteria are also met).
• Resolved an issue with the excel export for portal report (TICKET 1786)
The Export to excel for the following reports did not work properly:
- My Periodical Auth. Reviews: As Reviewer (id 43)
- My Periodical Auth. Reviews: As Owner (id 44)
• Error message when clicking link to archived PAR Cycle (TICKET 1787)
In the situation that a User would click the link to a PAR Cycle which already is archived an error message would occur, since the data for that PAR Cycle is no longer available in that report. Now the user will get a more friendly notification that the data of the PAR Cycle has been archived and is no longer available.
• Manually creating link between Role and Diagram (TICKET 1788)
Resolved an issue when creating link in the Client from a Role to a Diagram which resulted in an error message occurred.