Challenge Overview
We would like an automated way to reconcile OneTeam with the manually provisioned security in the WWie APEX Essbase databases. This process would provide a quick way to verify users in OneTeam and APEX Essbase prior to a user recertification cycle. The result could be a report sent by email that matches OneTEAM DB2 profile data with Essbase user security data and highlights discrepancies. It would not only focus on the user Id but also the specific access that the user has listed in both systems.
Items included could show:
I. Access levels for IDs in Essbase (filters, groups, supervisor, enabled, etc.)
II. Access profile from OneTEAM (provisioned to APEX)
III. IDs which are in Essbase but not in provisioned for APEX in OneTeam
IV. IDs which are provisioned for APEX in OneTeam but not in Essbase
APEX (Worldwide I&E Advanced Planning Exchange) is a suite of Essbase applications/databases to enable IBM's forecast and planning process for both Corporate and Geographies. Access is controlled using OneTEAM.
OneTEAM is an ASCA certified role-based access management application and service. It is used to manage the request, approval, user provisioning, and revalidation of access to internal IBM applications, systems, and other resources for IBM employees, vendors, and contractors.
OneTEAM is a web-based J2EE application running on a WebSphere Application Server. It uses DB2 for it's database, incorporates MQ for workflow, and an Asynchronous Transaction Server (ATS) for back-end processing. It manages the end-to-end access process for IBM internal applications. From the time an initial user request is submitted, OneTEAM manages the routing to the user's manager and other approvers for approval and, once approved, OneTEAM connects to the application's security controls and provisions the access. OneTEAM can connect and provision to the following application security control types:
BlueGroups
Notes ACLs (via the Public Group Manager)
DB2 (on AIX and MVS)
DB2 Stored Procedures
RACF
E-mail (manual provisioning)