If you have spent any time at all administering IBM Connections Cloud, you may have noticed a peculiar design point regarding user administration. Whilst IBM have provided a functional tool in the onboarding manager web interface, there is very little in the way of a logged audit trail. IBM also make available a means to utilize an integration server and perform some of the tasks inbulk or batchmode, but it is not easy. Combine that with the limited user types provided by IBM, and you have a couple potential challenges;
- delegation of who performs user management functions without opening up too much authority to too many users
- validating and demonstrating appropriateness of user management activities, particularly for audit and service level evidences
What do I mean by this? IBM provides four user types, only one of which has the capability of creating or deleting users. This Admin privilege is the highest level of access, and can do virtually anything the client can do in IBM Connections Cloud. Think of this as you would root in a Unix environment and you get the picture. Most companies want to limit access to the super-user privileges, but this is the access you must grant to any and all administrators who will be involved with creating and managing users. Since this is a user type (i.e. a privilege level) it is different from root in that root is a single user account and not just a privilege level. In IBM Connections Cloud, there may be multiple distinct user ID’s with the Admin privilege, so individual accountability of which user with Admin performed a given task at a given time should exist. However, since there is no audit log to speak of, it remains difficult to demonstrate which Admin user did what and when.
A solution is a product like BCC’s AdminTool for Connections Cloud, which has robust audit logging of actions and activities around IBM Connections Cloud user provisioning, configuration changes, and environment customization. This logging is done in real-time and is stored in a log database, which can be used for report generation as well as troubleshooting analysis. If you wind up with users being generated with the wrong privileges, for example, it may be a simple mistake and your Administrators might need some remedial training. It could be a deliberate nefarious act by an Administrator in an attempt to gain elevated access beyond their job role. Either way, you would want to know so you can take appropriate action. Audit logging should not be considered optional or "nice-to-have", it should be considered vital.
BCC’s AdminTool for Connections Cloud brings this and much more to your IBM Connections Cloud environment. Its interface can be customized, provides more granular security options, easily integrates with your existing user management platform, has a simple interface and tracks changes in a logging database. As mentioned already, this tracking database provides very useful information on what was done, by whom, and when. Have a look at a recorded webinar for a demonstration and even more details here.
Interested in AdminTool for IBM Connections Cloud?