Computer systems have become a major part of any project. For example, large corporations often have hundreds or thousands of computer systems in operation for use by their employees. Because each of the computer systems may have access to confidential data on a computer network, employees authenticate themselves to the computer system before the computer system provides access to the secure data. Each employee may be provided a user account, such as a username and password, which the employee uses to authenticate himself to the computer. The user accounts may include a number of restrictions or permissions defining what the employee may access and/or change. Modifying these restrictions or permissions without proper authorization may result in an employee having too many permissions on the computer network. Thus, changes in permissions of a user account may be indicative of behavior not conforming to security policies established within the corporation.
In the past, an administrator of a server system manually extracted relevant log entries from system logs in a first application, and then scanned them manually to identify changes. If changes were found, the administrator had to launch a second application, such as a security administration tool, and then make the necessary changes to correct the user security records. The administrator may, for example, have been reviewing changes to users that violated a system policy. Updating user security records through a second application after identifying the changes required opening the user-id record, finding the attribute(s) to revert, typing in the values for each attribute that should be reverted, and saving the changed user-id record.
FIG. 1 is a flow chart illustrating a conventional method for reviewing user account changes. At block 102, a viewer tool is launched to view the log files. At block 104, the administrator manually scans for changes in user accounts. At block 106, a security administration tool is launched. At block 108, a user account may be manually modified through the security administration tool.
Manually running log reports and examining them for changes is time-consuming and error-prone. The conventional technique requires visual identification of small changes in a sea of data. In addition, making updates to revert a user's security record to a prior state requires several steps that are also subject to human error.
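The two manual steps described above, scanning log entries for user account changes and working out which attribute values would have to be typed back in, can be illustrated with a short script. This is an added example, not part of the original text or of any tool it describes; the log line format, the field names, the `authorized_admins` set and the sample entries are all constructed assumptions.

```python
import re

# Constructed sample log: a few user-attribute changes buried among unrelated
# entries. The line format is an assumption made for this example only.
SAMPLE_LOG = """\
2024-03-01T08:00:01 LOGIN user=jsmith result=success
2024-03-01T08:02:17 USERMOD target=jsmith attr=groups old=staff new=staff,admins by=jsmith
2024-03-01T08:03:40 FILEOPEN user=akhan path=/reports/q1.txt
2024-03-01T08:05:02 USERMOD target=akhan attr=max_sessions old=2 new=3 by=secadmin
2024-03-01T08:09:55 USERMOD target=jsmith attr=groups old=staff,admins new=staff,admins,auditors by=jsmith
2024-03-01T08:11:30 USERMOD target=jsmith attr=expires old=2024-12-31 new=never by=jsmith
2024-03-01T08:12:00 USERMOD target=bad line without fields
"""

USERMOD = re.compile(
    r"^(?P<ts>\S+) USERMOD target=(?P<target>\S+) attr=(?P<attr>\S+) "
    r"old=(?P<old>\S+) new=(?P<new>\S+) by=(?P<by>\S+)$"
)

def extract_changes(log_text):
    """Return (changes, unparsed): parsed USERMOD records and malformed USERMOD lines."""
    changes, unparsed = [], []
    for line in log_text.splitlines():
        if " USERMOD " not in line:
            continue  # unrelated entry (logins, file access, ...)
        m = USERMOD.match(line)
        if m:
            changes.append(m.groupdict())
        else:
            unparsed.append(line)  # keep for review instead of silently dropping
    return changes, unparsed

def revert_plan(changes, authorized_admins):
    """Map user-id -> {attribute: value to restore}; expects chronological order."""
    plan = {}
    for c in changes:
        attrs = plan.setdefault(c["target"], {})
        if c["by"] in authorized_admins:
            # An authorized change becomes the new baseline for that attribute.
            attrs.pop(c["attr"], None)
        else:
            # Keep the earliest prior value: the state before the first
            # unauthorized change, even if the attribute was changed again.
            attrs.setdefault(c["attr"], c["old"])
    return {user: attrs for user, attrs in plan.items() if attrs}

if __name__ == "__main__":
    found, bad = extract_changes(SAMPLE_LOG)
    print(revert_plan(found, authorized_admins={"secadmin"}))
    print("unparsed:", bad)
```

The `groups` attribute is changed twice in the sample, and the plan restores the value from before the first change rather than the intermediate one, which is the kind of detail a manual scan can miss.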