AlterspectiveSharedo Audit

Tier 1 + Tier 2 · Access

Security & access

Access configuration drifts silently. A permission is granted for one phase and never revoked; an administrator is switched to a local login and quietly loses single sign-on; a departed partner's privileged account stays live. This audit extracts the access picture, read-only, and surfaces the anomalies.

T1T2

1What we examine

Role and permission matrixCFG-RS

The full role-to-permission matrix is extracted read-only — a single, reviewable picture of who can do what.

Participant-permission gaps by phaseCFG-PT

Permissions that silently drop by phase, leaving users unable to act where they should — or able to act where they should not.

Information walls and ethical barriersCFG-RS

Configuration of security barriers and ODS information walls — two distinct mechanisms that this audit keeps separate rather than conflating.

Administrator auth-type anomaliesCFG-RS

Users flipped to a local 'Administrator' authentication type, which silently disables their single-sign-on (SSO) federation — a common and dangerous drift.

roadmapDormant privileged accounts

Privileged accounts with no login for 90 or more days — the accounts most worth disabling before an incident or an auditor asks.

2How we examine it

The security layout is readable read-only over the provisioning (SCIM) interface; login recency comes from the administration and audit surface. No change is made — extraction only.

Extraction is read-only. We surface configuration facts and access signals, not a determination that any access was ever misused.

3Example finding

Illustrative example — synthetic demonstration corpus

The role-to-permission matrix extracted cleanly; the anomalies were in the edges — phase-scoped permission gaps, a handful of administrators on local authentication (bypassing SSO), and dormant privileged accounts.

  • Phase-scoped permission gaps leave some users unable to act mid-lifecycle
  • Administrators on local authentication have silently bypassed SSO
  • Dormant privileged accounts remain live long after they should be disabled
48security roles in the matrix
11phase-scoped permission gaps
4administrators on local auth (SSO bypassed)
7privileged accounts dormant 90+ days
Access anomalies surfaced from a read-only extraction of the security layout and login recency.

4The benefit

What you walk away with

A defensible access picture — who can do what, where the walls leak, and which privileged accounts to disable — before an incident or an auditor asks the question for you.

← All audit domains See it in a full report