There is a need for users to be able to view a list of their own previous sessions, view the keystroke report, etc. A user may want to revisit what they did in a previous session.

There is also potential for end-users to be able to view other sessions based on if they have current access to that privileged credential and server. This is because a user may need to know what has happened in previous privileged sessions outside of their own.

Expanding MyAccess to include access to these 'end-user reports' could be a good approach.

Also known as Bugzilla Enhancement ID 1015575.

Comments

  • This makes sense. The only addition to this Idea that I am inclined to make is that this have an "administrative toggle" so that if there is some reason that the organization does not want their individual admins to have access to their audit records that there is a means to suppress this reporting.

  • I'm not sure where we will pick up this capability. Right now we do not have it sized or targeted to a release. There is a reporting enhancement story in the current version of PAM in development, but I cannot say that this would be covered by those improvements.

  • Because the 1H CY'18 release will address reporting, I am going to tentatively mark this as Planned because now would be the time to look at it. HOWEVER, I need input here. I am not convinced that all organizations are going to want this capability. There are some who have absolutely no interest in making the end user aware of what is or is not recorded. Therefore, this cannot be a general "all on" or only option. Therefore I am going to make this implemented with the following requirement modification. Your input is appreciated.

    Req #1 - This should be a switchable option that the organization has the ability to set. By default this switch should be set to the off position.
    Req #2 - When enabled, a PAM user should have the ability to see any recording of any of their sessions only. This means a recorded session that is associated with the user, regardless of privileged credential used.
    Req #3 - These requirements only apply to recorded sessions that are currently "online" - if a recording has been archived by the organization there is no expectation that the recording be identified to the user as it would be unavailable.
    Req #4 - There is NO requirement that a standard PAM User A should have access to a standard User B's recordings.

  • My two cents:
    1 - Yes/Agreed.
    2 - Yes/Agreed.
    3 - Yes/Agreed -- But Admins definitely have access to those archived recordings.
    4 - Yes.

  • Any update here?