Skip to main content

Groups

Purpose: Provides details about membership and statistics of managed groups. Also reports unmanaged groups.

Executable: groupmembership

Table 1. Groups report search criteria

Criteria

Description

Group ID

Search for the group you want to report on. Alternatively, you can type the long ID of a group or a pattern of group IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character. All groups are included by default.

Report type

Select a report type:

  • Show managed groups summary: Select this option to only show groups that are managed, and the total number of members for each group. Selecting this report type displays the Resource attribute to display input field.

  • Show managed group and authorization summary: Select this option to only show groups that are managed. In this mode, the report output also includes the total number of members and authorizers for each group.

  • Show managed group members: Select this option to only show groups that are managed, and to list their direct and indirect members (both accounts and child groups). Selecting this report type displays the Include deleted memberships and Memberships deleted by: input fields.

  • Show unmanaged groups : Select this option to only show groups that are not managed.

  • Show managed group authorizers : Select this option to only show groups that are managed, and to list their authorizers. The report includes all authorizers for all managed groups.

Override authorization configuration

Select a override type:

  • Show all : Only include managed groups regardless of authorization configuration inheritance.

  • Only use inherited configuration: Only include managed accounts groups that include only authorization configuration from the target system.

  • Do not inherit any configuration: Only include managed groups that do not include any authorization configuration inheritance set by the target system.

  • Include inherited configuration: Only include managed groups that include any authorization configuration inheritance set by the target system.

  • None: Only include managed groups where the target does not include inheritance.

Resource attribute to display

Available for the all report types except Show unmanaged groups report type. Choose which resource attributes to display alongside the managed groups.

Member type

Only available for the Show managed group members report type. Select the member types to display:

  • Account

  • Group

    Leaving it blank is the same as selecting all types.

Minimum depth

Only available for the Show managed group members report type. The report will only output members that have a depth greater than or equal to this value. The default value is 1.

Depth indicates what level of membership an account or group has to the managed group. A depth of 1 means they are a direct member of the group. A depth of 2 means they are a member of a direct child group.

Maximum depth (-1=infinite)

Only available for the Show managed group members report type. The report will only output members that have a depth less than or equal to this value. A value of -1 means it will output all members that have a depth greater than or equal to the Minimum depth. The default value is -1.

Target system ID

Type a comma-and-space-delimited list of target system IDs for which you want to run the report. Alternatively, you can search for one or more target systems.

Include invalid groups

Include or exclude groups that may have become invalid during the last auto discovery.

Only include groups without direct owners

Presented only when report type is set to Show managed group and authorization summary . When this option is enabled only groups without direct owners will be listed. Owners via groups that own a subgroup are not considered as direct owners.

Include deleted memberships

Include deleted group memberships in the results. This option is only available for the Show managed group members report type, and will only return the most recent deletion from each group, per user.

Membership deleted by:

Filter results when including deleted memberships to only include deletions initiated from a specific source.

  • (All): Include all deleted memberships in results

  • Bravura Security Fabric : Only include group memberships deleted via Bravura Security Fabric , including: processed user requests, automatic management operations, and exit traps.

  • Out-of-band: Only include group memberships deleted by means outside the control of the Bravura Security Fabric , including local deletion from the group’s target system. This option will only return results for managed groups with the Track Changes option enabled.

Resource attribute

Filter results using a resource attribute and criteria. The type of criteria is dependent on the attribute selected. Up to four resource attribute filters can be defined.



Users who belong to the user class configured in the Manage the system > Modules> Manage reports (RPT) > GROUPAPP REPORT ACCESS field can run this report from the Groups app.

In this section: