Question
Access group removal
We are having security issues since these access groups are being pulled as part of one of the LDAP users who should not have access to the application.
Need to check if the below access groups can be removed without having an application impact:
30783 | StockTrader:06-03 | Environment: 30783 CMT - Description: StockTrader:06-03 | |
30783 | AP118224:Administrators | Environment: 30783 CMT - Description: AP118224:Administrators | |
30783 | PegaAESRemote | Environment: 30783 CMT - Description: PegaAESRemote | |
30783 | DMSample:Users | Environment: 30783 CMT - Description: DMSample:Users | |
30783 | PRPC:PortalUsers | Environment: 30783 CMT - Description: PRPC:PortalUsers | |
30783 | PRPC:ProcessArchitects | Environment: 30783 CMT - Description: PRPC:ProcessArchitects | |
30783 | DMSample:Managers | Environment: 30783 CMT - Description: DMSample:Managers | |
30783 | IntSample | Environment: 30783 CMT - Description: IntSample |
Except AP118224:Administrators, all looks like generic access groups. Deleting access groups might not be even necessary to address your security concern. Is that LEAP user have a corresponding Operator ID in PRPC (either created manually or dynamically during authentication process?). If yes, does this user have all the access groups listed on Operator ID record?