Re: Re-use Login ID in Remedy
]0==u89h m,,.Hoik; From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of subash kaki Sent: Tuesday, October 09, 2012 4:27 PM To: arslist@ARSLIST.ORG Subject: Re: Re-use Login ID in Remedy ** UNSUBscrive From: Misi Mladoniczky m...@rrr.se To: arslist@ARSLIST.ORG Sent: Tuesday, October 9, 2012 1:57 PM Subject: Re: Re-use Login ID in Remedy Hi, RRR|LoginConv can change Modified-By/Submitter/Status-History.USER/Diary-entries etc from the original login name to something else. It will munch through all records of all forms an do the necessary updates. https://www.rrr.se/cgi/tools/main#rrrLoginConv I don't know how soon the login names will be reused, but one way would be to do one RRR|LoginConv run each month, cycling all retired accounts in one run. Best Regards - Misi, RRR AB, http://www.rrr.se (ARSList MVP 2011) Products from RRR Scandinavia (Best R.O.I. Award at WWRUG10/11): * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. I said the same thing guys. Let me elaborate a tad. They use a unique id for their company (custom attribute on the People form) that allows internal identification based on their unique identifier attribute, so they clam this will be acceptable when it comes to audits, I also brought up the SarBox issues. What concerns me is that Incidents/Changes/CI's, etc will have last modified by old guy instead of new guy. And... I haven't tried it yet, but I suspect the Data tool isn't going to do the trick as it relates to CI's. By reuse login Id' I was referring to: Ex. Joe Jones leaves the company and has a Remedy login ID of jjones. A new employee is hired, Judy Jones, and she is issued the old login id used for Joe Jones of jjones. So if the new employee Judy Jones logs on as jjones, does she suddenly inherit all the records previously owned/last updated by jjones as the original user of this id? Would she possibly see his Incidents/CI's, etc? I'm still trying to wrap my head around all this so pardon my rambling. :-) I've never had to deal with this issue in the past and wondered how the community handled this request or if anyone had ever had to deal with this issue before. 7.6.04 SP2 Windows Thanks, Jase On Mon, Oct 8, 2012 at 6:08 PM, Tauf Chowdhury taufc...@gmail.commailto:taufc...@gmail.com wrote: ** To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edumailto:stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it’s really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ *From:* Action Request System discussion list(ARSList) [ mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] *On Behalf Of *Jase Brandon *Sent:* Monday, October 08, 2012 2:26 PM *To:* arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG *Subject:* Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives
Re: Re-use Login ID in Remedy
Hi, RRR|LoginConv can change Modified-By/Submitter/Status-History.USER/Diary-entries etc from the original login name to something else. It will munch through all records of all forms an do the necessary updates. https://www.rrr.se/cgi/tools/main#rrrLoginConv I don't know how soon the login names will be reused, but one way would be to do one RRR|LoginConv run each month, cycling all retired accounts in one run. Best Regards - Misi, RRR AB, http://www.rrr.se (ARSList MVP 2011) Products from RRR Scandinavia (Best R.O.I. Award at WWRUG10/11): * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. I said the same thing guys. Let me elaborate a tad. They use a unique id for their company (custom attribute on the People form) that allows internal identification based on their unique identifier attribute, so they clam this will be acceptable when it comes to audits, I also brought up the SarBox issues. What concerns me is that Incidents/Changes/CI's, etc will have last modified by old guy instead of new guy. And... I haven't tried it yet, but I suspect the Data tool isn't going to do the trick as it relates to CI's. By reuse login Id' I was referring to: Ex. Joe Jones leaves the company and has a Remedy login ID of jjones. A new employee is hired, Judy Jones, and she is issued the old login id used for Joe Jones of jjones. So if the new employee Judy Jones logs on as jjones, does she suddenly inherit all the records previously owned/last updated by jjones as the original user of this id? Would she possibly see his Incidents/CI's, etc? I'm still trying to wrap my head around all this so pardon my rambling. :-) I've never had to deal with this issue in the past and wondered how the community handled this request or if anyone had ever had to deal with this issue before. 7.6.04 SP2 Windows Thanks, Jase On Mon, Oct 8, 2012 at 6:08 PM, Tauf Chowdhury taufc...@gmail.com wrote: ** To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it’s really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ *From:* Action Request System discussion list(ARSList) [ mailto:arslist@ARSLIST.ORG arslist@ARSLIST.ORG] *On Behalf Of *Jase Brandon *Sent:* Monday, October 08, 2012 2:26 PM *To:* arslist@ARSLIST.ORG *Subject:* Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Re-use Login ID in Remedy
UNSUBscrive From: Misi Mladoniczky m...@rrr.se To: arslist@ARSLIST.ORG Sent: Tuesday, October 9, 2012 1:57 PM Subject: Re: Re-use Login ID in Remedy Hi, RRR|LoginConv can change Modified-By/Submitter/Status-History.USER/Diary-entries etc from the original login name to something else. It will munch through all records of all forms an do the necessary updates. https://www.rrr.se/cgi/tools/main#rrrLoginConv I don't know how soon the login names will be reused, but one way would be to do one RRR|LoginConv run each month, cycling all retired accounts in one run. Best Regards - Misi, RRR AB, http://www.rrr.se (ARSList MVP 2011) Products from RRR Scandinavia (Best R.O.I. Award at WWRUG10/11): * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. I said the same thing guys. Let me elaborate a tad. They use a unique id for their company (custom attribute on the People form) that allows internal identification based on their unique identifier attribute, so they clam this will be acceptable when it comes to audits, I also brought up the SarBox issues. What concerns me is that Incidents/Changes/CI's, etc will have last modified by old guy instead of new guy. And... I haven't tried it yet, but I suspect the Data tool isn't going to do the trick as it relates to CI's. By reuse login Id' I was referring to: Ex. Joe Jones leaves the company and has a Remedy login ID of jjones. A new employee is hired, Judy Jones, and she is issued the old login id used for Joe Jones of jjones. So if the new employee Judy Jones logs on as jjones, does she suddenly inherit all the records previously owned/last updated by jjones as the original user of this id? Would she possibly see his Incidents/CI's, etc? I'm still trying to wrap my head around all this so pardon my rambling. :-) I've never had to deal with this issue in the past and wondered how the community handled this request or if anyone had ever had to deal with this issue before. 7.6.04 SP2 Windows Thanks, Jase On Mon, Oct 8, 2012 at 6:08 PM, Tauf Chowdhury taufc...@gmail.com wrote: ** To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it’s really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ *From:* Action Request System discussion list(ARSList) [ mailto:arslist@ARSLIST.ORG arslist@ARSLIST.ORG] *On Behalf Of *Jase Brandon *Sent:* Monday, October 08, 2012 2:26 PM *To:* arslist@ARSLIST.ORG *Subject:* Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: [EXTERNAL] Re: Re-use Login ID in Remedy
To answer your this specific question: So if the new employee Judy Jones logs on as jjones, does she suddenly inherit all the records previously owned/last updated by jjones as the original user of this id? Would she possibly see his Incidents/CI's, etc? Yes, Judy Jones (new user) will inherit all the records previously owned/last updated by Joe Jones , she would see all records and ownership of those records which were worked by Joe Jones. Reason: remedy application does not recognize whether user is new or old, as soon as it finds valid record in User form it does get authenticated and as soon as it finds valid record in CTM: People form it gives all permissions and licenses accordingly. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jase Brandon Sent: Monday, October 08, 2012 4:49 PM To: arslist@ARSLIST.ORG Subject: [EXTERNAL] Re: Re-use Login ID in Remedy ** I said the same thing guys. Let me elaborate a tad. They use a unique id for their company (custom attribute on the People form) that allows internal identification based on their unique identifier attribute, so they clam this will be acceptable when it comes to audits, I also brought up the SarBox issues. What concerns me is that Incidents/Changes/CI's, etc will have last modified by old guy instead of new guy. And... I haven't tried it yet, but I suspect the Data tool isn't going to do the trick as it relates to CI's. By reuse login Id' I was referring to: Ex. Joe Jones leaves the company and has a Remedy login ID of jjones. A new employee is hired, Judy Jones, and she is issued the old login id used for Joe Jones of jjones. So if the new employee Judy Jones logs on as jjones, does she suddenly inherit all the records previously owned/last updated by jjones as the original user of this id? Would she possibly see his Incidents/CI's, etc? I'm still trying to wrap my head around all this so pardon my rambling. :-) I've never had to deal with this issue in the past and wondered how the community handled this request or if anyone had ever had to deal with this issue before. 7.6.04 SP2 Windows Thanks, Jase On Mon, Oct 8, 2012 at 6:08 PM, Tauf Chowdhury taufc...@gmail.commailto:taufc...@gmail.com wrote: ** To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edumailto:stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it's really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jase Brandon Sent: Monday, October 08, 2012 2:26 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re-use Login ID in Remedy
Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Re-use Login ID in Remedy
Jason, There was a rather lengthy discussion of that topic a few months ago that may be able to answer some of your questions. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jase Brandon Sent: Monday, October 08, 2012 1:26 PM To: arslist@ARSLIST.ORG Subject: Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Re-use Login ID in Remedy
Jase, What do you mean by re-use login id? Re-use login-Id for what purpose you mean? -Karthik On Oct 9, 2012 12:57 AM, Longwing, LJ CTR MDA/IC lj.longwing@mda.mil wrote: Jason, There was a rather lengthy discussion of that topic a few months ago that may be able to answer some of your questions. -Original Message- From: Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] On Behalf Of Jase Brandon Sent: Monday, October 08, 2012 1:26 PM To: arslist@ARSLIST.ORG Subject: Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Re-use Login ID in Remedy
It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it's really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jase Brandon Sent: Monday, October 08, 2012 2:26 PM To: arslist@ARSLIST.ORG Subject: Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Re-use Login ID in Remedy
To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it’s really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ *From:* Action Request System discussion list(ARSList) [ mailto:arslist@ARSLIST.ORG arslist@ARSLIST.ORG] *On Behalf Of *Jase Brandon *Sent:* Monday, October 08, 2012 2:26 PM *To:* arslist@ARSLIST.ORG *Subject:* Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Re-use Login ID in Remedy
I said the same thing guys. Let me elaborate a tad. They use a unique id for their company (custom attribute on the People form) that allows internal identification based on their unique identifier attribute, so they clam this will be acceptable when it comes to audits, I also brought up the SarBox issues. What concerns me is that Incidents/Changes/CI's, etc will have last modified by old guy instead of new guy. And... I haven't tried it yet, but I suspect the Data tool isn't going to do the trick as it relates to CI's. By reuse login Id' I was referring to: Ex. Joe Jones leaves the company and has a Remedy login ID of jjones. A new employee is hired, Judy Jones, and she is issued the old login id used for Joe Jones of jjones. So if the new employee Judy Jones logs on as jjones, does she suddenly inherit all the records previously owned/last updated by jjones as the original user of this id? Would she possibly see his Incidents/CI's, etc? I'm still trying to wrap my head around all this so pardon my rambling. :-) I've never had to deal with this issue in the past and wondered how the community handled this request or if anyone had ever had to deal with this issue before. 7.6.04 SP2 Windows Thanks, Jase On Mon, Oct 8, 2012 at 6:08 PM, Tauf Chowdhury taufc...@gmail.com wrote: ** To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it’s really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ *From:* Action Request System discussion list(ARSList) [ mailto:arslist@ARSLIST.ORG arslist@ARSLIST.ORG] *On Behalf Of *Jase Brandon *Sent:* Monday, October 08, 2012 2:26 PM *To:* arslist@ARSLIST.ORG *Subject:* Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Re-use Login ID in Remedy
Maybe using their unique corporate id in the login name field, and using their Login in the special 'authentication alias' (I think that's what it's called) field on the user form (see docs) will be the best approach. Then all your last modified by, used by relationships, assignee login id's etc, are all tied to the unique corporate id while they can login using their 'jjones' login name as specified in the authentication alias. That's the most workable approach I see, and would require a one time mass conversion. Sent from my BlackBerry device on the Rogers Wireless Network -Original Message- From: Jase Brandon jasebran...@gmail.com Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Mon, 8 Oct 2012 18:49:02 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Re-use Login ID in Remedy I said the same thing guys. Let me elaborate a tad. They use a unique id for their company (custom attribute on the People form) that allows internal identification based on their unique identifier attribute, so they clam this will be acceptable when it comes to audits, I also brought up the SarBox issues. What concerns me is that Incidents/Changes/CI's, etc will have last modified by old guy instead of new guy. And... I haven't tried it yet, but I suspect the Data tool isn't going to do the trick as it relates to CI's. By reuse login Id' I was referring to: Ex. Joe Jones leaves the company and has a Remedy login ID of jjones. A new employee is hired, Judy Jones, and she is issued the old login id used for Joe Jones of jjones. So if the new employee Judy Jones logs on as jjones, does she suddenly inherit all the records previously owned/last updated by jjones as the original user of this id? Would she possibly see his Incidents/CI's, etc? I'm still trying to wrap my head around all this so pardon my rambling. :-) I've never had to deal with this issue in the past and wondered how the community handled this request or if anyone had ever had to deal with this issue before. 7.6.04 SP2 Windows Thanks, Jase On Mon, Oct 8, 2012 at 6:08 PM, Tauf Chowdhury taufc...@gmail.com wrote: ** To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it’s really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ *From:* Action Request System discussion list(ARSList) [ mailto:arslist@ARSLIST.ORG arslist@ARSLIST.ORG] *On Behalf Of *Jase Brandon *Sent:* Monday, October 08, 2012 2:26 PM *To:* arslist@ARSLIST.ORG *Subject:* Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: [EXTERNAL] Re: Re-use Login ID in Remedy
Jase: There's something I'm not following here...if this unique ID/custom attribute is for the company, why isn't it still possible that our hypothetical Joe and Judy Jones might both work for that company? Can you say a little more about what make this identifier unique? Thanks, Natalie Stroud SAIC @ Sandia National Laboratories ARS-ITSM Tester Albuquerque, NM USA nkst...@sandia.govmailto:nkst...@sandia.gov ITSM 7.6.04 SP2 - Windows 2008 - SQL Server 2008 From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jase Brandon Sent: Monday, October 08, 2012 4:49 PM To: arslist@ARSLIST.ORG Subject: [EXTERNAL] Re: Re-use Login ID in Remedy ** I said the same thing guys. Let me elaborate a tad. They use a unique id for their company (custom attribute on the People form) that allows internal identification based on their unique identifier attribute, so they clam this will be acceptable when it comes to audits, I also brought up the SarBox issues. What concerns me is that Incidents/Changes/CI's, etc will have last modified by old guy instead of new guy. And... I haven't tried it yet, but I suspect the Data tool isn't going to do the trick as it relates to CI's. By reuse login Id' I was referring to: Ex. Joe Jones leaves the company and has a Remedy login ID of jjones. A new employee is hired, Judy Jones, and she is issued the old login id used for Joe Jones of jjones. So if the new employee Judy Jones logs on as jjones, does she suddenly inherit all the records previously owned/last updated by jjones as the original user of this id? Would she possibly see his Incidents/CI's, etc? I'm still trying to wrap my head around all this so pardon my rambling. :-) I've never had to deal with this issue in the past and wondered how the community handled this request or if anyone had ever had to deal with this issue before. 7.6.04 SP2 Windows Thanks, Jase On Mon, Oct 8, 2012 at 6:08 PM, Tauf Chowdhury taufc...@gmail.commailto:taufc...@gmail.com wrote: ** To echo Chris, I hope you don't work for a public company because that has to be against some sort of Sarbanes-Oxley regulation. Sent from my iPhone On Oct 8, 2012, at 4:11 PM, strauss stra...@unt.edumailto:stra...@unt.edu wrote: ** It is an incredibly bad security practice because it destroys any accountability for identity management. It is akin to reusing the social security numbers of deceased persons for newborns (try that analogy on them). We do battle with our PeopleSoft drones over this regularly, but it's really a problem with them not having a unique index on the table for workforce ids; the LDAP login names almost never get duplicated, and our AD syncs to LDAP for that data. If you ever get a security audit, and they are reusing login ids in AD as a standard practice, your organization will fail the audit (unless the audit is by Arthur Andersen LLP). Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jase Brandon Sent: Monday, October 08, 2012 2:26 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re-use Login ID in Remedy ** Hello All, I have been approached and asked about how we can re-use Login Id' and I've never been asked to do this anywhere else. Of course my initial reply was We shouldn't Do That, but I need more of a justification as the company reuses login ids via AD as a standard. Ive told them Login Id is associated with all things ITSM/CI's. I see this being a recipe for disaster. Can anyone help me out with your thoughts on this one please? Has anyone else done anything like this before? Thanks in Advance, Jase Brandon _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
