Mack-the-Auditor Gets Audited! Part 3

This is the third of 3 posts; this post describes how I audited the auditors and my perspective on the whole thing.

Read the first post (background) and the second post (audit results).

Continue reading →

Advertisement

Deleting ACL Table Covers A Multitude of Sins

I’m not sure why, but sometimes deleting an ACL table or two covers a multitude of sins, errors, or just plain weird behavior.

No, I don’t get any error messages. That’s the strange part.

I’m talking about strange ACL behavior that you can’t troubleshoot by reviewing the log.

Continue reading →

How to Review Your ACL Log

Whether you script your projects or use menu commands, you need to review your ACL log carefully.

Good analysts review their results and the log as they work in ACL, after they think they are done, and have others review their log before the ACL project is relied upon.

(You can’t imagine the dumb mistakes my team and I found that saved us a lot of embarrassment later.)

Continue reading →

ACL Error: Not all Fields Imported via Script

Recently, I  ran an import script to import a delimited file into ACL, but the last 10 fields were not imported. And I didn’t know it right away, because I received no error message.

In addition (or should I say, in subtraction), the log did not indicate anything was wrong. Continue reading →

ACL: How to Create Your Own Scripts

Creating scripts (and editing them) is not as hard as many of you believe them to be.

Sure, it takes practice and time to learn the basics, but YOU can do it.

If you don’t learn scripting, you are NOT using ACL to it’s fullest, nor are you making the best use of your time.

Continue reading →

How to Audit User Access

When checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:

• Application ID
• Application role or group
• Membership in an local server group, Active Directory (AD) group, or UNIX Group
• Access to the application’s share and/or folder on the server
• Database ID
• Database role, including access permissions (read/write)
• Other permission (from a home-grown application code or enterprise identify management system)

Continue reading →

New ACL CEO, New Fierce Direction?

The profile article of the new ALC CEO, Laura Schultz, indicates a new direction at the company, but I’m not sure what that direction is. Here’s why:

1. ACL tweeted that Schultz is  “fiercely determined” (see below), and in the profile, she talks about being “hell-bent” and “extreme” and taking vacations that involve “starving” and “afraid”. This is not your grandmother’s CEO, and maybe that’s the point. Either way, it doesn’t give me any comfort.

Continue reading →

LinkedIn Hack: Don’t Just Change Password, Reconfigure

We all know that LinkedIn was hacked and lost at least 6.5 million hashed passwords, or at least that’s how many were was posted. Besides changing passwords, is anyone thinking about their LinkedIn lock-down/security settings? What about other social media? See further below instructions for locking down LinkedIn, Facebook, Twitter, and Google+.

Continue reading →

Master List of ACL Articles and Tips

To make these posts easier to find (and link to), here’s a list of all the ACL posts on this blog in alphabetical order, and by most popular.
I’ll add other posts as they are written.

Continue reading →

Free ACL Bootcamp Training – from ACL!

ACL is offering FREE training as part of their bootcamp series, which started in September 2011. The training consists of a video presentation that includes ACL demos. The best part is that you do NOT have to be a current ACL customer or even have a copy of ACL.

The purpose of the series, according to ACL, is to teach basic skills and deal with common problems that ACL users encounter. Each session lasts about 30-40 minutes, followed by a Q&A session. The bootcamp is led by Shane Grimm (see his blog comment here).

Continue reading →

ACL: Strange Message in Log

If you’re an ACL user, I sure hope you read your ACL project logs and approach the JOIN command carefully. I recently received a good reminder. For an explanation of ACL, see this post.

Continue reading →

ACL tip: Rerun a Join Easily

Rerunning an ACL join command is much easier than most people realize.  And everyone using ACL screws up joining two tables more often than he’ll admit.

It goes like this: You painfully select the primary keys, the secondary keys, the primary fields, and the secondary fields, enter the output table name, and run the join. The join ran successfully, but you forgot to add one primary field or to adjust the options on the More tab. Now you have to do it all again. Or do you?

Continue reading →

Conclusion: Audit Server Disappeared

In Case File: Audit Server Disappeared, I noted that a friend of mine learned that  IT had, on its own prerogative, wiped a server belonging to Internal Audit because “it never appeared to be used.”

Some of you already commented on some of the issues involved in this incident and the normal IT activities that should have prevented this incident (or at least alerted IT that something was wrong). Let’s review those comments and I’ll add some other details and comments.

Continue reading →