Audits
Understanding audits
What are audits
Audits are what we call the process (and core responsibility) that involves reviewing who has what access to various platforms.
Why do we perform audits
There are a good number of reasons that could be made for doing audits, but the biggest ones for us are:
- Ensure no security issues are occurring in the agent/user space.
- Ensure we have accurate information for procurements and renewals.
- Ensure we follow best practices for reviewing who is using the various systems we manage.
What is audited
- Zendesk Global
- Zendesk US Government
When are audits done
On the 1st day of each quarter, issues will be generated via the System Audits project. After issue creation, audits are then performed.
Zendesk Global audit
This is done via the bin/zendesk_global script. When the script runs, it does the following:
- Gathers Support team information from the Support Team YAML files
- Gathers a list of all agents in Zendesk (i.e. those with a role of
adminoragent) - Creates three lists of users:
- Light agents (those with a custom role ID of
360004984553) - Admins (those with a custom role ID of
360004957599) - Full agents (those not listed in the Light agents and Admins lists)
- Light agents (those with a custom role ID of
- Loops over the Support team information, checking:
- If they have a corresponding Zendesk user (as they should)
- If they are a light agent (as they should not be)
- If their Zendesk name matches the name for their Support team information (as it should)
- If their Zendesk email matches the name for their Support team information (as it should)
- If they incorrectly have the Zendesk administrator role (as this is closely controlled)
- Loops over all agents in Zendesk to check if any of them are suspended (as they should not be)
- Creates an issue, detailing the following
- List of all light agents
- List of all full agents
- List of all admins
- List of all failed checks
Those working the issue generated will review the issue for any problems and look into any failed checks that arose.
After rectifying any problems, the issue is then closed out.
Zendesk US Government audit
This is done via the bin/zendesk_us_government script. When the script runs, it does the following:
- Gathers Support team information from the Support Team YAML files
- Gathers a list of all agents in Zendesk (i.e. those with a role of
adminoragent) - Creates three lists of users:
- Light agents (those with a custom role ID of
360008074111) - Admins (those with a custom role ID of
360016820032) - Full agents (those not listed in the Light agents and Admins lists)
- Light agents (those with a custom role ID of
- Loops over the Support team information, checking:
- If their Zendesk name matches the name for their Support team information (as it should)
- If their Zendesk email matches the name for their Support team information (as it should)
- If they incorrectly have the Zendesk administrator role (as this is closely controlled)
- Loops over all agents in Zendesk to check if any of them are suspended (as they should not be)
- Creates an issue, detailing the following
- List of all light agents
- List of all full agents
- List of all admins
- List of all failed checks
Those working the issue generated will review the issue for any problems and look into any failed checks that arose.
After rectifying any problems, the issue is then closed out.
7d49549f)
