8MAN Terminology


Term

Meaning and background at 8MAN

8

 

8MAN group

The 8MAN Group Wizard automatically creates Active Directory groups ("8MAN Group", resource group) for access to individual resources. You can recognize 8MAN groups by their special marking.

8MATE

8MATEs are add-ons that integrate additional functionality or resources into 8MAN. These include:

8MATE for Exchange

8MATE for SharePoint

8MATE FS Logga

8MATE AD Logga

8MATE for Dynamics NAV

A

 

access categories

Determine how resources can be accessed. In 8MAN, the selection is bundled into practical categories. These include, for example, "Full Control", "Modify", "Read and Execute", "Restricted Modify".

Access Rights Management (ARM)

Access Rights Management prevents unauthorized access to data and optimizes security-relevant processes within the company network.

Application Integration

A secondary discipline of ARM. Application Integration enables the automated collaboration of 8MAN with other applications in your software landscape.



account-graph

The account graph shows the nesting of groups in the Active Directory in a clear mind map. Parent-child relationships are thus quickly visible. The AD Graph is a USP of 8MAN and not to be found in other solutions.

B

 

blacklist

The blacklist allows you to define users and groups that are ignored by 8MAN. 8MAN uses blacklists in different places, e.g. for views, reports or alarm configuration.

C

 

children and parents

Children are the members (users and groups) of a group. If the group is itself a member of other groups, those groups are its parents. 8MAN shows the parent-child relationship clearly in the AD graph.

collector

In 8MAN, collectors are used to connect resource systems and to process data. The collector gathers the data (e.g. from a file server or SharePoint), stores it and transfers it in compressed form to the 8MAN server. Thus, less data needs to pass through the network. Collectors also perform permission changes. Due to the local execution, 8MAN guarantees high performance in distributed environments.

comfort feature

The Group Wizard's comfort feature ensures immediate access to resources after a permission change without the user having to log on again.

D

 

data owner

A manager who determines the access rights for resources. With this data owner definition, 8MAN has its own understanding of the role. The decisive advantage of a data owner is the decentralization of security competence. This means that there is one expert per department who knows the security-critical resources and can therefore validly decide on access rights for employees. The concept and the corresponding workflows can be found in the discipline Role & Process Optimization.

discipline

8MAN Access Rights Management is structured into 5 central disciplines:

Permission Analysis

Documentation & Reporting

Security Monitoring

Role & Process Optimization

User Provisioning

In addition, there are currently 3 other secondary disciplines:

Threat & Gap Management

Resource Integration

Application Integration

Documentation & Reporting

The second central ARM discipline. All activities that users perform with 8MAN are fully documented. The information can be provided in structured reports and sent automatically.

E

 

excess permissions

Mostly caused by a change of department: A user stays in the company, but moves through different departments. As a result, he accumulates authorizations that he does not need and should not have according to the principle of least privilege. Also known as "trainee syndrome".

F


functional group

Groups a number of users into a meaningful unit, e.g. the "Sales" group. The relevant resource groups are then added to the Sales function group. This gives each user who becomes a member of the Sales function group all authorizations for the resource groups it contains.

G


Group Wizard

If you change file server permissions in 8MAN, the Group Wizard creates resource groups in the Active Directory in the background. This assigns rights in accordance with Microsoft Best Practice. The Group Wizard also creates list groups. These allow users to navigate through the directory structure to the folder to which they have access.

J


jobs overview

Display on the start page of the 8MAN configuration. It shows the last 8MAN activities, such as how many scans were performed and whether they were successful.

L


list groups

The Group Wizard included in 8MAN Enterprise can automatically create list groups and organize memberships for them. Users can navigate to the desired directories without the administrator having to deal with it manually.

log files

8MAN writes a number of log files to record activities. The most important log file is "pnServer". In the event of a problem, support uses it to investigate the causes.

N


nesting

see children and parents

O


organizational category

Category to be created in the data owner configuration of 8MAN for bundling resources.

P


parents

see children and parents

Permission Analysis

The analysis discipline in 8MAN Access Rights Management. Enables you to show the authorization situation of employees and resources.

Clarity about access rights is the central requirement for administrators and data owners from a security perspective.

permissions

Permissions result from the sum and type of access rights a user has.

permission groups

See Resource groups.

purpose groups

Allow you to replace technical group names with meaningful ones. This order feature does not make any changes in the Active Directory. The alternative names are only visible in 8MAN.

R


recertification

Allows data owners to check access rights to their resources in the web client and to request changes from the administrator.

Recertification should take place semi-annually. As an audit tool, it forms a central building block for maintaining the access rights situation in the company.

Role & Process Optimization

A central access rights discipline. It allows administrators to relieve themselves of simple access rights management tasks and delegate them to the help desk. In addition, the administrator can transfer the assignment of access rights to data owners. The data owner decides in a simple workflow whether access rights to his resources are granted or withdrawn. Another key component of Role & Process Optimization is the recertification process.

resolve group memberships

Describes a central function of 8MAN: Analyze (or "resolve") nesting (parent-child relationships) of group memberships to fully display the resulting authorized users in a flat list.

resource groups

A resource group (or permission group) gives access to a resource (for example, a file server directory). In practice, resource groups are bundled into function groups.

Resource Integration

Enables the analysis and administration of additional resources, e.g. 8MATE for Exchange, SharePoint, Dynamics NAV.

restricted modify

An access category that allows a user to make changes below a directory (e.g. create, edit and delete files and directories). The special feature: the user cannot delete the directory itself to which restricted modify is applied.

S


scan

A scan is the analysis basis for 8MAN. Mostly overnight, relevant information is read from the Active Directory and the connected resources and stored in an SQL database. 8MAN can thus quickly display the relevant data. You can set up scans for different resources in the 8MAN configuration.

In addition, partial scans can be performed in the 8MAN user interface if required. These usually only take a few seconds and then show the current access rights situation.

Security Monitoring

Belongs to the central disciplines of ARM and monitors security-relevant activities in AD, on file servers and in Exchange.

8MAN works with scans. Information about the access rights situation is only collected at certain time intervals. Everything that is changed outside 8MAN and happens between the measurement times is recorded by Security Monitoring.

This solves a central security problem: Temporary permissions granted with the goal of data theft are recorded.

service

The smallest product unit in the 8MAN world. A service is an added value for the user that is meaningful in its own right.

Each service is documented in How-To format.

service account

An Active Directory account that allows a service (e.g. 8MAN) to act with dedicated permissions on resources.

T


Threat & Gap Management

Belongs to the secondary disciplines of ARM. Threat & Gap Management automatically removes security-critical permission errors and standardizes the permission system according to the specifications of corporate IT.

trainee syndrome

See excess permissions

U


User Provisioning

A central 8MAN Access Rights discipline. Controls the creation of new user accounts and groups, rights management and account management. The processes of user provisioning occur frequently and can be standardized via 8MAN with templates.