DPAS SCR: 02060



  • SCR Number
    02060
  • Title
    Role Specific User Profile Inquiry Last Log In Date
  • DPAS Module
    Enterprise
  • Reporting Organization
    AF
  • State
    Removed
  • History
    08/02/2024
  • Description
    Change Request: New System Process

    Description:
    The User Review User Profile Inquiry report contains inaccurate and incomplete information. This makes it challenging for IO/AIO to effectively oversee user roles eliminate unnecessary roles and UICs and carry out a comprehensive annual user audit. The data provided in the report is not reliable which hinders the organization's ability to properly manage user profiles and ensure data accuracy. It is crucial for the accuracy and completeness of the report to be improved in order to support effective user management practices.  The inaccurate information hinders the ability to effectively manage user profiles and ensure the security of the system. It is crucial to address this issue in order to maintain the integrity and efficiency of the system.
    Specifically:
    The "Last Login Dt" currently shows the same date/time for all roles and modules. It is necessary to have it display the last login date/time for each module along with the specific echelon linked to each role such as Site AUIC UIC MA Warehouse and so on. This will provide a more accurate overview of user activity within each module and role allowing for better tracking and management of user access and permissions. By implementing this change users will have a clearer understanding of when and where they last accessed the system enhancing security and accountability.
     
    Recommended:
    In order to maintain security and data integrity it is important to display the "Last Login Dt" for each module and echelon associated with the roles. This helps to track the activity of users and ensure that only active roles are being utilized. Additionally roles should be suspended when the associated role/echelon is not accessed for 30 days. For example if a user has an APO role in AUIC FE 2345 and FE1234 but does not access FE1234 for 30 days that specific role would be suspended to prevent any unauthorized access.  This will apply to all Roles/Levels across all modules.
     
    Mission Critical:
    Each year IO/AIO is responsible for conducting a user audit and informing the DPAS PMO once it is completed. Monitoring roles and user access such as ensuring there is a separation of duties and preventing unauthorized access to MAs or warehouses is crucial for every agency. Unfortunately the current system tools used for this task are displaying inaccurate information making it difficult to effectively perform these important functions.
     
    Benefits:
    Displaying correct data is a baseline expectation for a data system. The last login date for each user identification code (UIC) gives the information needed for the Information Officer or Authorizing Official to decide if the UICs are still in use by the user. This helps them figure out if the UIC is necessary for the user to carry out their responsibilities and allows them to remove any UICs that the user is no longer actively using. By monitoring the last login dates the IO/AIO can ensure that access to resources is only granted to those who need it enhancing security and efficiency.  To reduce the risk of unnecessary personal transactions within unassigned UICs it is important to deactivate them. When UICs are not actively assigned to individuals there is a higher chance of unauthorized access and misuse. By deactivating these UICs organizations can ensure that only authorized personnel have access to sensitive information and resources. This proactive approach helps in maintaining the security and integrity of the system ultimately reducing the potential risks associated with unassigned UICs.
     
    Frequency: Daily
     
    Users:

    Unsure how many Agencies and IO/AIOs are in DPAS, but this will impact all of them.

     

    04Dec2024 - Cancelled per Luther Meitzner - Submitting new SCR with additional requirements