Systems Access Security Analysis and Verification

Magsys uses the rich functionality of ACL™ Analytics as the core engine for analysing and validating systems access.
Visual Basic is also used to augment the presentation of results and to provide automation.

Systems Access Security frameworks

Organisations generally are moving, or have moved, to a Single Sign-On IT environment.
At the application (ERP) level, user access security is generally role based, implemented via profiles.
There is also a trend towards implementing Identity and Access Management (IAM) systems, which can integrate physical access (swipe cards) with logical access (IT platforms).
This dynamic and diverse ecosystem of technologies offers significant benefits and also presents implementation and administration challenges.
Magsys has the tools and experience to assist management with access security migration and administration, and also to support Internal Audit with CAATs development.

Examples:

ERP user / Role Based Access Control (RBAC) for a state government rail entity.
After the initial implementation of Mincom’s MIMS (Ellipse) ERP system, problems arose with the administration of the role-based and user profiles.
Whereas the initial configuration created a manageable number of role-based profiles, employees acting in or moving to other roles, together with the redefinition of roles, led the administrators to clone and edit the “pure” role profiles and also to create individual user profiles that modified the role profile.
Internal Audit commissioned Magsys to develop ACL™ scripts to extract and analyse the role profiles with their matching transactions, together with each user’s current roles and HR data. The result was an ACL™ database of profiles, users and transactions.
CAATs were developed for Internal Audit to identify potential security problems arising from this drift.
For management and administration, useful reports were developed and queries such as “what transactions can this user execute?” and “which users can execute this transaction?” were provided.
The administrators were able to rationalise the profiles and use the ACL scripts for ongoing maintenance. Internal Audit also ran the ACL reports on a regular basis.
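The two queries above, plus a check for profiles that have drifted from the “pure” role profiles, can be modelled as an in-memory user → profile → transaction mapping. The following is an added illustration written for this page in Python, not Magsys’s ACL™ scripts; the user names, profile names and transaction codes are constructed and do not come from any real Ellipse system.

```python
# Added example: user -> profile -> transaction analysis of the kind described
# above. All names and codes below are constructed sample data (hypothetical).

# "Pure" role profiles as originally configured: profile -> set of transactions.
ROLE_PROFILES = {
    "MAINT_PLANNER": {"TXN100", "TXN140", "TXN620"},
    "STORES_CLERK": {"TXN140", "TXN170"},
}

# Profiles created later by administrators: cloned-and-edited role profiles
# and individual user profiles that modify a role profile.
USER_PROFILES = {
    "MAINT_PLANNER_COPY1": {"TXN100", "TXN140", "TXN620", "TXN170"},  # clone + extra transaction
    "U_JSMITH": {"TXN900"},  # individual profile granting one extra transaction
}

# Which profiles each user currently holds (constructed).
USER_ASSIGNMENTS = {
    "jsmith": ["MAINT_PLANNER_COPY1", "U_JSMITH"],
    "ajones": ["STORES_CLERK"],
    "bwong": ["MAINT_PLANNER", "STORES_CLERK"],
}


def all_profiles():
    """Every profile in the system, pure role profiles and later additions."""
    return {**ROLE_PROFILES, **USER_PROFILES}


def transactions_for_user(user):
    """'What transactions can this user execute?' (union over held profiles)."""
    txns = set()
    for profile in USER_ASSIGNMENTS.get(user, []):
        txns |= all_profiles().get(profile, set())
    return txns


def users_for_transaction(txn):
    """'Which users can execute this transaction?'"""
    return sorted(u for u in USER_ASSIGNMENTS if txn in transactions_for_user(u))


def profile_drift():
    """For each non-pure profile, find the pure role profile it overlaps most
    and report which transactions were added or removed relative to it.
    A profile sharing no transactions with any role profile gets base=None."""
    report = {}
    for name, txns in USER_PROFILES.items():
        best = max(ROLE_PROFILES, key=lambda r: len(ROLE_PROFILES[r] & txns))
        if not ROLE_PROFILES[best] & txns:
            report[name] = {"base": None, "added": sorted(txns), "removed": []}
            continue
        base = ROLE_PROFILES[best]
        report[name] = {
            "base": best,
            "added": sorted(txns - base),
            "removed": sorted(base - txns),
        }
    return report


if __name__ == "__main__":
    print("jsmith can execute:", sorted(transactions_for_user("jsmith")))
    print("TXN140 is available to:", users_for_transaction("TXN140"))
    for profile, drift in profile_drift().items():
        print(profile, "->", drift)
```

The drift report is the piece an administrator needs when rationalising profiles: each cloned or individual profile is shown against its nearest pure role profile with only the differences listed, so the decision becomes “does this user genuinely need TXN170 on top of MAINT_PLANNER?” rather than a line-by-line comparison.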

Validating an in-house Identity Management system for a state government water utility.
The utility had an in-house Identity Management database which collated users (employees and contractors) from a number of source platforms, e.g. IBM RACF, Active Directory users, swipe cards, Aurion HR and PeopleSoft Financials.
This database was manually maintained by an administrator who received updates from the source platforms.
Internal Audit commissioned Magsys to develop an ACL project which imported the Identity Management database and performed integrity checks.
In addition, further cross-checking was performed against the RACF, Aurion HR and PeopleSoft databases, since they were already being extracted to an ACL Data Repository.
Anomalies were detected, such as duplicate identities, expired employees and contractors who still held access, and changes of role not reflected in security rights.
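The integrity and cross-checks described above amount to joining the manually maintained identity database against the authoritative sources and flagging the three anomaly types listed. The following is an added illustration in Python, not the ACL project Magsys built; the identity records, HR extract and RACF account list are constructed sample data with hypothetical field names.

```python
# Added example: integrity checks on a manually maintained identity database
# cross-checked against HR and a RACF account extract. All records below are
# constructed sample data; the field names are assumptions for illustration.
from collections import defaultdict
from datetime import date

# Identity Management database rows (constructed).
IDENTITY_DB = [
    {"id": "I001", "name": "Jane Smith", "hr_id": "E100", "type": "employee",
     "racf": "JSMITH", "role": "Planner"},
    {"id": "I002", "name": "Jane  Smith", "hr_id": "e100 ", "type": "employee",
     "racf": "JSMITH2", "role": "Planner"},   # second identity for the same person
    {"id": "I003", "name": "Bob Wong", "hr_id": "C200", "type": "contractor",
     "racf": "BWONG", "role": "Stores"},
    {"id": "I004", "name": "Ann Jones", "hr_id": "E300", "type": "employee",
     "racf": "AJONES", "role": "Stores"},
]

# HR extract keyed by HR id (constructed): employment status and current position.
HR = {
    "E100": {"status": "active", "end_date": None, "position": "Planner"},
    "C200": {"status": "terminated", "end_date": date(2023, 6, 30), "position": "Stores"},
    "E300": {"status": "active", "end_date": None, "position": "Finance"},  # moved roles
}

# RACF user ids that still exist and are not revoked (constructed).
RACF_ACTIVE = {"JSMITH", "JSMITH2", "BWONG", "AJONES"}


def _norm(value):
    """Normalise keys before matching: trim, collapse spaces, upper-case."""
    return " ".join(str(value).split()).upper()


def find_duplicate_identities():
    """Identities sharing one HR id -> {hr_id: [identity ids]} for groups > 1."""
    groups = defaultdict(list)
    for row in IDENTITY_DB:
        groups[_norm(row["hr_id"])].append(row["id"])
    return {k: v for k, v in groups.items() if len(v) > 1}


def find_expired_with_access(as_of):
    """Identities whose HR record is terminated or past its end date but whose
    RACF account is still active as at `as_of`."""
    hits = []
    for row in IDENTITY_DB:
        hr = HR.get(_norm(row["hr_id"]))
        if hr is None:
            continue  # no HR match is a separate finding, not an expiry
        expired = hr["status"] == "terminated" or (
            hr["end_date"] is not None and hr["end_date"] < as_of
        )
        if expired and row["racf"] in RACF_ACTIVE:
            hits.append(row["id"])
    return hits


def find_role_mismatches():
    """Identities whose recorded role differs from the HR position ->
    [(identity id, identity role, HR position)]."""
    mismatches = []
    for row in IDENTITY_DB:
        hr = HR.get(_norm(row["hr_id"]))
        if hr and _norm(row["role"]) != _norm(hr["position"]):
            mismatches.append((row["id"], row["role"], hr["position"]))
    return mismatches


if __name__ == "__main__":
    print("duplicates:", find_duplicate_identities())
    print("expired but active in RACF:", find_expired_with_access(date(2024, 1, 1)))
    print("role mismatches:", find_role_mismatches())
```

The normalisation step matters more than it looks: in a manually maintained database the same HR id is routinely entered with stray spaces or different case, and without it the duplicate check silently passes. Each check returns its findings rather than printing them so the same functions can feed a regular report, which is how the ACL reports in the case above were used.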