Test: Only Authorized Employees Change Code

Drata uses OAuth to access your company's Identity Provider (IdP) and version control system to ensure only authorized users change code.

Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Only Authorized Employees Change Code control, which ensures that your company's version control system only allows approved employees to change code on branches for which they have approval rights.

WHAT TO DO IF A TEST FAILS

If Drata finds users with write access to your version control system who are not current employees/contractors, the test will fail. With a failed test, you will receive a list of users within your version control system that have write access but do not appear to have matching company accounts.

To remediate a failed test, you will need to either create IdP accounts for these version control system users or revoke their write access to the version control system repositories.

STEPS TO REMEDIATE

On Version Control Provider

  1. Log in as an admin

  2. Navigate to your project(s)

  3. Navigate to your user(s)

  4. Verify user privileges for all accounts.

On Drata

  1. Navigate to the 'Manage Account' page for your Version Control provider

  2. Ensure that the 'write' access flag is enabled

Note: By default, any user in the 'Developer/Maintainer/Owner' category will be reflected on the list in Drata. Users in the 'Guest/Reporter' category will not be reflected.
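
To preview which accounts the test would list before revoking access or creating IdP accounts, the comparison can be run locally on exported member lists. The following is an added example, not Drata's code: the record fields, the sample data, and matching on lowercased email are assumptions of this sketch, and the role categories are the ones named in the note above.

```python
# Roles the note above says are reflected in Drata as write access.
WRITE_ROLES = {"developer", "maintainer", "owner"}


def unmatched_writers(vcs_members, idp_users):
    """Return VCS members holding a write role with no active IdP account.

    Assumption: accounts are linked by lowercased email address. This is
    a choice made for the example, not a statement of how Drata matches.
    """
    active = {u["email"].strip().lower() for u in idp_users if u["active"]}
    flagged = []
    for member in vcs_members:
        if member["role"].strip().lower() not in WRITE_ROLES:
            continue  # Guest/Reporter roles are not reflected in the list
        email = (member.get("email") or "").strip().lower()
        if email in active:
            continue  # matched to a current employee/contractor
        reason = "no active IdP account" if email else "no email on VCS account"
        flagged.append({"username": member["username"],
                        "role": member["role"],
                        "reason": reason})
    return sorted(flagged, key=lambda f: f["username"])


# Constructed sample exports (not real accounts).
VCS_MEMBERS = [
    {"username": "alice", "email": "Alice@Example.com", "role": "Maintainer"},
    {"username": "bob", "email": "bob@example.com", "role": "Developer"},
    {"username": "carol", "email": "carol@example.com", "role": "Reporter"},
    {"username": "deploy-bot", "email": None, "role": "Owner"},
    {"username": "dave", "email": "dave@contractor.example", "role": "Developer"},
]
IDP_USERS = [
    {"email": "alice@example.com", "active": True},
    {"email": "bob@example.com", "active": False},  # offboarded
]

if __name__ == "__main__":
    for f in unmatched_writers(VCS_MEMBERS, IDP_USERS):
        print(f"{f['username']:<12} {f['role']:<11} {f['reason']}")
```

Service accounts such as the constructed `deploy-bot` entry show up here because they hold a write role without a matching company account, so they need the same decision as any other listed user: create an IdP account or revoke write access.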
