To help your department comply with PCI audit requirements, Centrify provides some default PCI attestation reports. These reports show you who has access to computers, what roles and rights users have, and similar data that’s needed to show PCI compliance.
PCI reports provide the following kinds of information:
- Computers: Which users have access to these computers, what are their roles and rights
- Groups: Which users are in which groups, what are their roles and rights, and which computers do they have access to
- Users: What role is the user assigned to, what rights does the user have, and which computers does the user have access to
- Roles: What computers do these roles have access to and what rights do they have
You can find the PCI reports in SSRS by going to the Centrify Report Services > Attestation > PCI reports folder.
Note: In larger environments, you can save processing time when running an attestation report (PCI or SOX report) by choosing to exclude the chart from the report. When you open the report, select True for the Exclude chart for faster report generation option.
For a description of how report services calculates the data for the charts in the PCI reports, see How objects are counted for the PCI and SOX report charts.
Here is a list of the PCI reports, along with a brief description and how you can filter the results.
|
Report name |
Report description |
Filter the results with these fields |
|
For each computer, this report displays the users who can log in. For each user who can log in, the report shows the role, assignment location, and assignee. |
Computer Computer group Computer role Zone Zone Domain Zone Type |
|
|
For each Active Directory group, this report lists the computers and role assignment information. |
Active Directory group Zone Zone Domain Zone Type |
|
|
For each role, this report lists the computers assigned to that role. |
Role Zone Zone Domain Zone Type |
|
|
For each user, this report lists the computers that the user can access as well as the role assignment information. |
User Zone Zone Domain Zone Type |
|
|
This report provides a summary of who can log in to which computer. |
Computer Computer group Computer role Local User Status User User group User type Zone domain Zone type Zone |
|
|
For each computer, this report lists the users who have which login and other privileges and what the role assignments are. |
Computer Computer Group Computer role Right type Zone Zone Domain Zone Type |
|
|
For each Active Directory group, this report lists the computers have which login and other privileges and what the role assignments are. |
Active Directory group Right type Zone Zone Domain Zone Type |
|
|
For each role, this report lists the computer and rights available on that computer. |
Role Zone Zone Domain Zone Type |
|
|
For each user, this report lists the Active Directory group, computers, and role assignment. |
Right type User Zone Zone Domain Zone Type |
|
|
This report provides a summary of which rights are granted to which users on which computers. |
Computer Computer group Computer role Local User Status Right type User group User User type Zone Zone Domain Zone type |
Note: When you view the collection of reports in Internet Explorer, you may also see some sub-reports listed. These are not actual reports but views that support the actual reports; due to a limitation with Microsoft SSRS, these sub-reports may display even though they’re not meant to be used. Please do not click any reports that have names that begin with SubReport.
Note: In these reports, Computer Role and Computer Group filters return records assigned to those roles or groups but not where the role assignment is defined. For example, if you filter records for Zone1_CompRoleA, the report lists all computers that are in the computer role named Zone1_CompRoleA.
Note: The charts in the PCI & SOX reports do not consider role assignments that are granted to “All Active Directory Users,” and the reports only consider role assignments that are granted to specific users and groups when counting computer access and privileges. On the other hand, the detailed report shows all the login and privilege information from all role assignments (including those that are granted to “All Active Directory Users”).
Doc Feedback