Usually, I’m the one doing the auditing, but this time, I (Mack) was the one who was audited.
It was a great experience for me.
Well, sort of. No one likes being audited (ahem). But it gave me a fresh perspective of how others feel when I audit them.
This is the first of 3 posts; this post contains some background info on the project that was audited, and the second one discusses the audit and the results, and in the third post, I describe my perspective on the whole thing, and some takeaways.
Today I was adding a new table to a scripted ACL project and kept getting an error.
This project automatically opens a folder on the LAN, reads the files in the folder, and loads all of them.
All I did was add one more file to the folder. ACL refused to load that one file.
Whether you script your projects or use menu commands, you need to review your ACL log carefully.
Good analysts review their results and the log as they work in ACL, after they think they are done, and have others review their log before the ACL project is relied upon.
(You can’t imagine the dumb mistakes my team and I found that saved us a lot of embarrassment later.)
Recently, I ran an import script to import a delimited file into ACL, but the last 10 fields were not imported. And I didn’t know it right away, because I received no error message.
In addition (or should I say, in subtraction), the log did not indicate anything was wrong. Continue reading
You might be an Audit Command Language (ACL) freak if more than 2 of the following are true:
- At work, you have a second computer (or virtual machine) just for running ACL.
When I ‘m trying to work with text files that are so big I can’t even open them with programs like Excel, Notepad, or PSPad, I reach for the FREE file-splitter program.
In ACL, a conditional computed field (CCF), is basically a regular computed field with some fireworks.
It looks and acts much like a regular computed field, but has some extra parts that do some extra work. Fortunately, the extras are NOT complicated, and after reading this post, you will find that will you use CCFs frequently.
So what’s the difference?
Once you’ve mastered creating computed fields, you’re ready to add computed fields to a table via script. It is easier than it sounds.
If you need some background on computed fields, see my previous posts, What is a Computed Field? and How to Add a Computed Field (manually). Now let’s explore writing a script that adds computed fields to a table.
As soon as you create an ACL script, you often have to add to it or edit it. There’s an easy way to do it.
Creating scripts (and editing them) is not as hard as many of you believe them to be.
Sure, it takes practice and time to learn the basics, but YOU can do it.
If you don’t learn scripting, you are NOT using ACL to it’s fullest, nor are you making the best use of your time.
Have you been following the “Optimizing Script Performance” series on the ACL Blog? aclkevin has been offering some great tips.
In case you missed them:
Adding a custom view to an ACL table comes in handy when you want to 1) change the order of the fields in an ACL table, or 2) view a select number of fields.
You can add a custom view manually or via script. We’ll tackle the script version first.
This post is in response to Les’ question about reordering fields in a table.
When checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:
- Application ID
- Application role or group
- Membership in an local server group, Active Directory (AD) group, or UNIX Group
- Access to the application’s share and/or folder on the server
- Database ID
- Database role, including access permissions (read/write)
- Other permission (from a home-grown application code or enterprise identify management system)
The profile article of the new ALC CEO, Laura Schultz, indicates a new direction at the company, but I’m not sure what that direction is. Here’s why:
1. ACL tweeted that Schultz is “fiercely determined” (see below), and in the profile, she talks about being “hell-bent” and “extreme” and taking vacations that involve “starving” and “afraid”. This is not your grandmother’s CEO, and maybe that’s the point. Either way, it doesn’t give me any comfort.
Did you know that you can create a script to import a file into ACL? That you can automate loading a table?
I’m talking about the File > New > Table command in ACL, also known as the Data Definition Wizard. Yes, you can create such a script, and I’m going to teach you how!
The good news is that it’s so much easier than you think. The bad news is that it doesn’t APPEAR easy, but it really is, because ACL does the heavy lifting for you. I promise that if you hang in there, you’ll so be a pro. Just try it once, and you’ll be hooked!
ACL is offering FREE training as part of their bootcamp series, which started in September 2011. The training consists of a video presentation that includes ACL demos. The best part is that you do NOT have to be a current ACL customer or even have a copy of ACL.
The purpose of the series, according to ACL, is to teach basic skills and deal with common problems that ACL users encounter. Each session lasts about 30-40 minutes, followed by a Q&A session. The bootcamp is led by Shane Grimm (see his blog comment here).
On my walk to work, I cross a lot of 1-way streets. I always look both ways. Sometimes, when a friend or colleague is walking with me, I get teased me about this. I always reply with this question: Have you ever driven down a 1-way street the wrong way? For some reason, I never get a reply and another subject surfaces.
When I crossed one of those streets the other day, I realized that some people look at audit/security/risk the same way. They only look one way because of the people or rules or controls or norms that govern the activity. They fail to think outside of the cubicle and look the other way–the path seldom traveled.