Default SOX attestation reports
To help your department comply with Sarbanes-Oxley audit requirements, Centrify provides some default SOX reports. These reports show you who has access to computers, what roles and rights users have, and similar data that’s needed to show SOX compliance.
SOX reports provide the following kinds of information:
- Computers: Who has access to these computers, what are the roles, rights, and groups that they belong to
- Groups: Which users are in which groups, what are the roles, rights, and what computers can these users access
- Users: What their role assignments are, what rights the users have, which groups they belong to, and which computers they have access to
- Roles: Which computers the rules have access to, what rights are assigned to the group, and which groups are assigned to which roles
You can find the SOX reports in SSRS by going to the Centrify Report Services > Attestation > SOX reports folder.
Note: In larger environments, you can save processing time when running an attestation report (PCI or SOX report) by choosing to exclude the chart from the report. When you open the report, select True for the Exclude chart for faster report generation option.
For a description of how report services calculates the data for the charts in the SOX reports, see How objects are counted for the PCI and SOX report charts.
Here is a list of the SOX reports, along with a brief description and how you can filter the results.
Report name |
Report description |
Filter the results with these fields |
For each computer, this report displays the users who can log in. For each user who can log in, the report shows the role, assignment location, and assignee. |
Computer Computer group Computer role Zone Zone Domain Zone Type |
|
For each Active Directory group, this report lists the computers and role assignment information. |
Active Directory group Zone Zone Domain Zone Type |
|
For each role, this report lists the computers assigned to that role. |
Role Zone Zone Domain Zone Type |
|
For each user, this report lists the computers that the user can access as well as the role assignment information. |
User Zone Zone Domain Zone Type |
|
This report provides a summary of who can log in to which computer. |
Computer Computer group Computer role Local User Status User User group User type Zone domain Zone type Zone |
|
For each computer, this report lists the users who have which login and other privileges and what the role assignments are. |
Computer Computer Group Computer role Right type Zone Zone Domain Zone Type |
|
For each Active Directory group, this report lists the computers have which login and other privileges and what the role assignments are. |
Active Directory group Right type Zone Zone Domain Zone Type |
|
For each role, this report lists the computer and rights available on that computer. |
Role Zone Zone Domain Zone Type |
|
For each user, this report lists the Active Directory group, computers, and role assignment. |
Right type User Zone Zone Domain Zone Type |
|
This report provides a summary of which rights are granted to which users on which computers. |
Computer Computer group Computer role Local User Status Right type User group User User type Zone Zone Domain Zone type |
Note: When you view the collection of reports in Internet Explorer, you may also see some sub-reports listed. These are not actual reports but views that support the actual reports; due to a limitation with Microsoft SSRS, these sub-reports may display even though they’re not meant to be used. Please do not click any reports that have names that begin with SubReport.
Note: In these reports, Computer Role and Computer Group filters return records assigned to those roles or groups but not where the role assignment is defined. For example, if you filter records for Zone1_CompRoleA, the report lists all computers that are in the computer role named Zone1_CompRoleA.
Note: The charts in the PCI & SOX reports do not consider role assignments that are granted to “All Active Directory Users,” and the reports only consider role assignments that are granted to specific users and groups when counting computer access and privileges. On the other hand, the detailed report shows all the login and privilege information from all role assignments (including those that are granted to “All Active Directory Users”).