Hello @Shalini.Ramesh - You mention: ‘ The in-built reports we already have under Reports and Audit does provide the above details.’ - Can you advise which report from /login shows this data? You can usually download any of the reports from the /login > reports page.
Sorry I meant to say does not provide the above details. Please can you guide me and let me know how I can get these reports?
Hello @Shalini.Ramesh - I believe you can find most of the report you wish to see under /login > Users & Security > ‘User Account Report’ found at the bottom of that page.
Please let me know how you get on here!
@PhillC I cannot find this option anywhere in BT. I think I might need more help. The only options I can see when I login to BT as an administrator are Menu, Home, Assets, Smart Rules, Discovery, Managed Systems, Managed Accounts, Password Safe, Secrets Safe, Analytics and Reporting, Configuration and About. I cannot see the above option Users and Security > ‘User Account Report’
Hello @Shalini.Ramesh - you have posted this in the Remote Support channel for the SRA Product, RS/PRA. From what you are describing, this sounds like a PasswordSafe/BI Query…? Can you please 100% confirm the product you have this query for and we can go from there?
Yes the product is Password Safe. In about section I can see it says BeyondInsight 23.3.0.813
Hello @Shalini.Ramesh - OK, I’ll see if we can get this thread re-assigned to the PWS/BI section so we have the right product so we can more effectively answer this query.
@PhillC Any updates please? I need this soon as possible as we have to submit these reports to audit.
Hello @Shalini.Ramesh - I do no think we can move these topics. If it is an urgent request, then I strongly suggest opening a Support Case with our Support Team who can advise further.
Hey @Shalini.Ramesh - you mention that the version is 23.3 - there have been quite a few changes in PasswordSafe reporting that may help address these challenges. You’re likely going to need to combine information on the different sources. If the following don’t assist, then the Ideas portal is the recommended method of submitting feature requests and detail what specifically is missing.
PasswordSafe:
- Entitlement by User
- This will detail the user and the accounts → machine → access policy
- The access policy would need to then be gathered for more detail, however you know where to look
- Entitlement by Group
- This will detail Groups for features, and smart rules assigned with their access, and group members.
- Inactive Managed Accounts
- Helpful to identify where accounts aren’t being utilized
- Application Audit
- Provides information on who has administrative access to applications
- Application Inventory
Secrets Safe:
- Secrets Safe Entitlement Report
@tclowater I have exported all reports in Secrets Safe and sent to the auditors but the auditors need the below information:
The above reports in conjunction do not address the original request.
Is there an option to query the database for the following information: ALL accounts stored in BeyondTrust along with group names, secret safe memberships, and details of all users to have access to the saved accounts.
As an example, for the user John, we want to know:
- John’s group memberships and their associated permissions per group.
- Seret Safes membership for John
- Accounts within the secret safes that John can access.
- Is there functionality within BeyondTrust to extend the log retention period beyond 120 days?
- For new users provisioned on the system, how can we obtain logs evidencing the date of access provisioning, the user provisioned access, and the role/group provisioned?
We require the above information for all users on BeyondTrust in a single view.
Please let me know what can be done?
