Default SOX attestation reports

To help your department comply with Sarbanes-Oxley audit requirements, Centrify provides some default SOX reports. These reports show you who has access to computers, what roles and rights users have, and similar data that’s needed to show SOX compliance.

SOX reports provide the following kinds of information:

  • Computers: Who has access to these computers, what are the roles, rights, and groups that they belong to
  • Groups: Which users are in which groups, what are the roles, rights, and what computers can these users access
  • Users: What their role assignments are, what rights the users have, which groups they belong to, and which computers they have access to
  • Roles: Which computers the roles have access to, what rights are assigned to the group, and which groups are assigned to which roles

You can find the SOX reports in SSRS by going to the Centrify Report Services > Attestation > SOX reports folder.

Note:   In larger environments, you can save processing time when running an attestation report (PCI or SOX report) by choosing to exclude the chart from the report. When you open the report, select True for the Exclude chart for faster report generation option.

For a description of how report services calculates the data for the charts in the SOX reports, see How objects are counted for the PCI and SOX report charts.

Here is a list of the SOX reports, along with a brief description and how you can filter the results.

| Report name | Report description | Filter the results with these fields |
|---|---|---|
| SOX - Login Report - By Computer | For each computer, this report displays the users who can log in. For each user who can log in, the report shows the role, assignment location, and assignee. | Computer, Computer group, Computer role, Zone, Zone Domain, Zone Type |
| SOX - Login Report - By Group | For each Active Directory group, this report lists the computers and role assignment information. | Active Directory group, Zone, Zone Domain, Zone Type |
| SOX - Login Report - By Role | For each role, this report lists the computers assigned to that role. | Role, Zone, Zone Domain, Zone Type |
| SOX - Login Report - By User | For each user, this report lists the computers that the user can access as well as the role assignment information. | User, Zone, Zone Domain, Zone Type |
| SOX - Login Summary Report | This report provides a summary of who can log in to which computer. | Computer, Computer group, Computer role, Local User Status, User, User group, User type, Zone domain, Zone type, Zone |
| SOX - Rights Report - By Computer | For each computer, this report lists the users who have which login and other privileges and what the role assignments are. | Computer, Computer Group, Computer role, Right type, Zone, Zone Domain, Zone Type |
| SOX - Rights Report - By Group | For each Active Directory group, this report lists which computers have which login and other privileges and what the role assignments are. | Active Directory group, Right type, Zone, Zone Domain, Zone Type |
| SOX - Rights Report - By Role | For each role, this report lists the computer and rights available on that computer. | Role, Zone, Zone Domain, Zone Type |
| SOX - Rights Report - By User | For each user, this report lists the Active Directory group, computers, and role assignment. | Right type, User, Zone, Zone Domain, Zone Type |
| SOX - Rights Summary Report | This report provides a summary of which rights are granted to which users on which computers. | Computer, Computer group, Computer role, Local User Status, Right type, User group, User, User type, Zone, Zone Domain, Zone type |

Note:   When you view the collection of reports in Internet Explorer, you may also see some sub-reports listed. These are not actual reports but views that support the actual reports; due to a limitation with Microsoft SSRS, these sub-reports may display even though they’re not meant to be used. Please do not click any reports that have names that begin with SubReport.

Note:   In these reports, Computer Role and Computer Group filters return records assigned to those roles or groups but not where the role assignment is defined. For example, if you filter records for Zone1_CompRoleA, the report lists all computers that are in the computer role named Zone1_CompRoleA.

Note:   The charts in the PCI & SOX reports do not consider role assignments that are granted to “All Active Directory Users,” and the reports only consider role assignments that are granted to specific users and groups when counting computer access and privileges. On the other hand, the detailed report shows all the login and privilege information from all role assignments (including those that are granted to “All Active Directory Users”).