SolarWinds® Access Rights Manager (ARM) v9.1 is now available on the customer portal!  For a broad overview of this release, the release notes (https://support.solarwinds.com/Success_Center/Access_Rights_Manager_ARM/Access_Rights_Manager_9_1_Release_Notes) are a great place to start.

 

Feature Summary

View and Manage Azure AD Accounts with ARM

Create Azure AD accounts with ARM

Identify shared directories and files on OneDrive

Create a report about directories and files shared on OneDrive

Identify users assigned to a transaction code in SAP R/3

Identify multiple authorizations for transaction codes in SAP R/3

Identify critical basic permissions in SAP R/3

Conclusion

Feature Summary

 

The primary changes you will see in this new release are designed to extend support for your critical applications and simplify integration with other systems and business processes, with explicit design to save you time on repetitive tasks.  

 

1.    Rebranded interface.  The legacy 8MAN branding has been removed and the UI now looks similar to other SolarWinds products.  This is a small change but the first step in making ARM an important part of the SolarWinds security portfolio.

 

2.    Microsoft Azure Active Directory.  SolarWinds ARM now provides the ability to see and change permissions within Azure Active Directory.  By extending ARM to Azure-based Active Directory deployments, organizations who are directly leveraging Azure or who have hybrid environments can now utilize ARM to get better visibility and control over both. 

 

3.    Microsoft OneDrive.  SolarWinds ARM has been extended to include permissions visibility and change for Microsoft OneDrive, complementing the existing access rights permission visibility with Active Directory, Exchange, and file servers. Gain visibility into key areas, such as which files an employee has shared externally, and who has shared what files and directories internally with which employees.

 

4.    SAP R/3.  With this release, SolarWinds ARM introduces support for SAP R/3, allowing you to search for security-critical transaction codes, find authorization paths, and recognize multiple authorizations.  See which Active Directory users are assigned to each SAP account through the Access Rights Manager interface.

 

 

5.    UI/UX Improvements.  The ARM UI now has a more modern look.  The loading indicators have been improved.  We’ve added user pictures next to the comment boxes.  The user experience was also improved by introducing tables with persistence in areas such as the resource view.  You no longer need to re-apply your changes to the order or size of columns; they stay as you set them.  Also, Analyze & Act scenarios can now be selected much more easily using the new grouping and filtering functionality.  We heard you and made these improvements to make your job easier.

 

6.    Microsoft SQL Server Express Integration.  To make installation easier for smaller environments, ARM now supports the automatic installation and configuration of Microsoft SQL Server Express directly from the ARM configuration page.  Use this option out of the box, or use Microsoft SQL Server instead if you need a higher-performance database.

 

7.    ARM Sync!  Most companies have several systems in place to manage users and their data.  This includes Active Directory, HR systems, and ERP systems.  Without proper synchronization processes, the systems may have an inconsistent view of the user’s data, resulting in administrators and HR employees having a difficult time identifying the correct set of data. ARM Sync! helps to automate the data exchange between third-party systems and a system administered with ARM. With ARM Sync!, you can automatically create, deactivate, or delete user accounts.

 

8.    Recurring Task Scripting. Scripts are often used by administrators to ease the execution of recurring or repetitive tasks.  ARM now allows you to make a script available to users via the cockpit in a safe way to allow those users to execute an action immediately without an approval workflow.  These scripts can be executed before or after user provisioning processes, making it flexible and easy to apply.

 

9.    Create SharePoint Permission Groups.  Industry best practice for SharePoint and file servers is not to grant permissions directly to users, but instead via group memberships to resource groups. With the Group Wizard for SharePoint, ARM relieves you of the many manual work steps needed to do this.  ARM now lets you assign authorizations through a simple drag-and-drop procedure, and ARM will automatically create authorization groups and group memberships for both SharePoint Online and SharePoint on-premises.

 

The SolarWinds product team is excited to make this new set of features available to you.  We hope you enjoy them.  Of course, please be sure to create new feature requests for any additional functionality you would like to see with ARM in general.

 

To help get you going quickly with this new version, below is a quick walk-through of the new Azure Active Directory feature, SharePoint, and OneDrive.

 

View and Manage Azure AD Accounts with ARM

ARM helps you to view, manage, and get control of your accounts in Azure AD and on-premises AD through a common interface.

 

1. Use the search box to find an Azure AD (AAD) account.  Use the search configuration (arrow) to ensure that Azure AD accounts are included in your search results.

 

 

2. Click on the desired entry. The icon with the cloud symbolizes an AAD account.

3. ARM focuses on the account. After right-clicking, select the appropriate action you want to perform.

 

Create Azure AD accounts with ARM

Create new Azure AD accounts or groups based on templates. Ensure the correct attributes and data are set.

 

1. On the start page, click "Create new user or group". 

2. Click on the desired template for a new user or new group in the AAD.

3. Enter the required information.

The information requested by the template can be fully customized.

 

4. Specify the logon information used to create the account in the AAD.

 

5. Enter a comment.

 

6. Start the execution.

 

Identify shared directories and files on OneDrive

OneDrive is an easy tool to let your employees share resources with each other and/or external users. ARM makes it easy for you to check which files an employee has shared externally, and who has shared what files and directories internally with which employees.

 

Option A: Browse through the OneDrive structure.

 

1. Select the resource view.

 

2. Expand OneDrive.

 

3. Browse the OneDrive structure.

 

4. ARM displays the permissions.

 

5. ARM shows you the authorized users.

 

"External" is used to identify files or folders shared externally. OneDrive creates a link (hence the symbol used). Anyone who has the link can read or change the shared file or folder.

"Internal" identifies files or folders that are shared within the organization.

 

If a file or folder is shared with a specific user (email address) within the organization, this user is given permission (not a link).

 

Option B: Search for shared resources on OneDrive.

1. Search for "Internal" or "External" in …

 

2. OneDrive Accounts. 

 

3. This will open a scenario that displays all files and folders shared internally or externally with OneDrive.

 

Create a report about directories and files shared on OneDrive

Sometimes a report is easier to share, or you just want to follow up later on something you found. ARM allows you to easily generate a report about the files and folders your employees share on OneDrive.

1. Select the resource view.

 

2. Expand OneDrive and select a resource.

 

3. Select "Who has access where?".

4. The previously selected resource is preset.

 

5. Optional: Delete the preselected resources.

 

6. Use drag-and-drop to add resources.

 

7. Start report creation.

 

Identify users assigned to a transaction code in SAP R/3

Transaction codes are important entities of SAP permissions. ARM helps you to identify which users are assigned to a specific transaction code, either directly or indirectly via membership in roles.

 

1. Use the search to find the transaction code you are looking for.

2. Click on the search result.

 

3. ARM automatically expands the tree view of the permission structure and focuses on the transaction code you are looking for.

 

4. ARM displays all permissions.

 

5. ARM displays all SAP users that have been assigned the transaction code.

 

Identify multiple authorizations for transaction codes in SAP R/3

As with all permissions, there is often more than just one way a transaction code has been assigned to a user. ARM resolves all of these authorization paths and clearly visualizes these, leaving no room for ambiguity.

 

1. Use the search to find the transaction code you are looking for.

2. Click on the search result.

3. ARM automatically expands the tree view of the authorization structure and focuses on the transaction code you are searching for.

 

4. In the user list, ARM shows you how many authorization paths (arrows) have been set for the transaction code. Click on the user.

 

5. ARM shows you the authorization paths.

 

Identify critical basic permissions in SAP R/3

Use ARM to check regularly for critical basic authorizations following the principle of least privilege, and reduce the risk of data leakage.

 

1. Use the search box to find and select the critical basic authorization you are looking for. ARM opens the SAP authorization structure and focuses on the entry you are looking for.

 

2. Browse through the subordinate structure to analyze the use of the critical basic authorization.

 

Conclusion

That is all I have for now on this release.  I hope that this summary gives you a good understanding of the new features and how they can help you more effectively manage the permissions of your Azure AD, SharePoint, OneDrive, and SAP R/3 applications. 

I look forward to hearing your feedback once you have this new release up and running in your environment!

 

If you are reading this and not already using SolarWinds Access Rights Manager, we encourage you to check out the free download.  It’s free. It’s easy.  Give it a shot.

The Ghosts of Config Past, Present, and Future (Well, Sort Of)

 

The scene is set: the curtains open to a person in bed trying to get a good night’s sleep during a dark and windy night. The hair on the back of their neck is standing on end, and with one big gust their worst fears come true! In bursts a flurry of emails demanding proof for configs of old.

 

Okay, okay, while I’m no Hemingway, I can tell you that we’ve all experienced the nightmare of being visited by configs of old. Being bothered to prove an older configuration was in compliance is a real pain, and the thought of doing this manually makes your skin crawl. Enter SolarWinds® Network Configuration Manager (NCM) network configuration management software v7.9 and the Favorite config.

 

Being a “favorite” is always a good thing, and the same can be said for Favorite configs inside of Network Configuration Manager. Just as any favorite gets special handling, Favorite configs are granted special privileges within compliance policies. Compliance Policies are always evaluating the most recent version of a configuration file. If you’re trying to prove compliance of an old file, you need to tell NCM to use that file instead. You do that by setting the config as Favorite.

 

If you set one config from each node as Favorite, then those Favorites will forever be the most recent. This means that you, as the user, would be able to prove these configs’ compliance at any point in the future from that day without any extraordinary effort. The best part of getting this set up is that it can be fairly easy, if you have established rules and policies.

 

Simply mark a config as Favorite either through the UI or, for the savvy user, through the SDK. This is done by navigating to the Configuration Management page and expanding the list of configs nested under a node.

 

Once this is done, you need to make sure to set up or modify your Policies to use this config type.

 

After the policies are set, just add these policies to a Compliance Report. 

 

 

After the Compliance Report is set up, update the report and click on it to see the output. You can verify that this is evaluating the correct config by drilling into any violation and clicking the “View Config” link.

 

If everything is set up correctly, you will see the details for the Favorite config. 


 

And there you have it! You’ll no longer be pressed to manually evaluate older configs for audit review or documentation. If you find this useful, have any comments, or would like to see how this can be done through the SDK, please let me know below!
