Skip to main content

Workflow reports

Authorizer activity

Purpose: Approvals, denials and failure to respond by authorizers.

Executable: authactivity

Table 1. Authorizer activity report search criteria

Criteria

Description

Authorizer ID

Type one or more authorizer profile IDs to search for. Alternatively, you can search for one or more profile IDs.

Report type

Select one of the following report types and enter a number:

  • Completed at least N requests: This report type lists authorizers who have completed at least N requests, where N is the number you entered. A "completed request" is a request that has been either approved or denied.

  • Denied at least N requests: This report type lists authorizers who have denied at least N requests, where N is the number you entered.

  • No response for at least N days: This report type lists authorizers who have waited at least N days before completing a request.

Choose request entry date

Choose a date range for request entry date.

Filter results by last authorization time/date

Choose a date range for the last authorization time/date.



Request status by authorizer

Purpose: Provides current and historical status of requests, organized by authorizer.

Executable: authorizersreport

Table 2. Request status by authorizer report search criteria

Criteria

Description

Authorizer ID

Type the profile ID of the authorizer for whom you want to run the report. This is the user who was originally assigned to the request. Alternatively, you can search for one or more profile IDs.

Actual authorizer ID

Type a profile ID that matches the "actual authorizer" for whom you want to run the report. This is the user who reviewed or acted on the access change request, and is not necessarily the authorizer who was originally assigned to the request. Alternatively, you can search for one or more profile IDs.

Request ID

Type the ID of the request for which you want to run the report.

Filter results by last authorization date

Choose a date range for the last authorization time/date.

Authorization status

Select one or more statuses to include in the report. The authorization status represents the action performed by or required of the authorizers.

Request status

Select one or more statuses to include in the report. The request status is the state of the overall request.

Resource status

Select one or more statuses to include in the report. The resource status is the current state of a resource that is part of the request.

Summarize report

Select this checkbox to summarize the report details.



Request status by implementer

Purpose: Provides current and historical status of requests, organized by implementer.

Executable: implementerrequests

Table 3. Request status by implementer report search criteria

Criteria

Description

Implementer

Type the profile ID of the implementer for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is the user who was originally assigned to the request.

Actual implementer ID

Type a profile ID that matches the actual implementer for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

The actual implementer is the user who manually fulfilled the access change requests, and is not necessarily the implementer who was originally assigned to the request.

Request ID

Type the ID of the request for which you want to run the report.

Target system ID

Type a comma-and-space-delimited list of target system IDs to only include implementers from those systems. Alternatively, you can search for one or more target systems.

Operation

Select the operations that you want to include. All operations are included by default.

Status

Select one or more statuses to include in the report. The request status is the state of the overall request.

No response for at least N days

Type a number of days for the threshold value. The report displays implementer requests that have been unresolved for a time period equal to or longer than the response threshold.

Choose create date

Choose a date range for request creation date.

Choose start date

Choose a date range for request start date. If specified, requests are only included in the report output if they were accepted within the selected date range.

Choose end date

Choose a date range for request end date. If specified, requests are only included in the report output if their latest action occurred within the selected date range.

Display subtotals for accepted tasks

Select one of the Subtotal by <period> options to sort the report and show subtotals by the time period selected. The time period is one of: week, month, quarter, year, or date range.

The default is No subtotals .

Completed at least N requests

Type a number of tasks for the threshold value. The report displays implementers who have completed a number of tasks equal to or greater than this value.



Pre-defined requests

Purpose: Shows the configuration of pre-defined requests.

Executable: predefinedrequest

Table 4. Pre-defined requests report search criteria

Criteria

Description

Pre-defined request ID

Type the ID of the request for which you want to run the report.

Group ID

Type the long ID of one or more managed groups for which you want to run the report. Pre-defined requests that contain the specified groups are included in the report. Alternatively, you can search for one or more managed groups.

Target system ID

Type a comma-and-space-delimited list of target system IDs to only include pre-defined requests that contain the specified target systems. Alternatively, you can search for one or more target systems.

Attribute group

Select one or more attribute groups. Pre-defined requests that contain the specified attribute groups are included in the report.

Template ID

Select one or more templates. Pre-defined requests that contain the specified templates are included in the report.

Operation

Select one or more operations. Pre-defined requests that contain the specified operations are included in the report.

Display statistics for

Select one of the following options to modify the report output:

  • No summary: (default) In this mode, the report output contains details for each matching pre-defined request and pre-defined request / operation combination.

  • Usage: In this mode, for each matching pre-defined request, the report output contains the number of: times the request has been used, times an invocation of the request has been set to a particular status (approved, denied, and so on), distinct requesters and distinct recipients of the request.

  • Per-operation summary: In this mode, for each matching pre-defined request / operation combination, the report output contains the number of: times the request / operation has been used, times an invocation of the request / operation has been set to a particular status (approved, denied, and so on).

Choose date range

Choose a date range for request date.

If specified, pre-defined requests are only included in the report if they contain an event that occurred within this time frame. The date range is not applicable when Display statistics for is set to "No summary".

Graph type

This option will appear when the Display statistics for option is set to Usage.

Choose one of the following options to define type of graph to display

  • Horizontal bar chart: The usage statistics will be represented in a horizontal bar graph.

  • (None) : No graph will be displayed.



If you do not provide any search criteria, the report output contains details for all pre-defined requests and pre-defined request / operation combinations.

Note that the search criteria for this report is joined using a logical "or". This means that a pre-defined request is included in the report if it matches any of the criteria.

Request event log

Purpose: Details and change history of matching requests.

The report output includes one "sub report" for each matching request.

Executable: requestlifecycle

Table 5. Request event log report search criteria

Criteria

Description

Request ID

Type the ID of the request for which you want to run the report.

Requester ID

Type the profile ID of the requester for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

Recipient ID

Type the profile ID of the recipient for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

Actual authorizer ID

Type a profile ID that matches the "actual authorizer" for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is the user who reviewed or acted on a access change request, and is not necessarily the authorizer who was originally assigned to the request.

Delegated authorizer ID

Type a profile ID that matches the delegate authorizer for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is a user who has been delegated the responsibility to review or act on an access change request.

Actual implementer ID

Type a profile ID that matches the "actual implementer" for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is the user who manually fulfilled an access change request, and is not necessarily the implementer who was originally assigned to the request.

Delegated implementer ID

Type a profile ID that matches the delegate implementer for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is a user who has been delegated the responsibility to manually fulfill access change requests.

Request milestones

Select one or more milestones to include in the report.

Choose start date

Choose a date range for request start date.

Display requests matching any criteria

When enabled, the report includes requests matching any of the above criteria. When disabled, requests must match all the above criteria.

Show only relevant authorizer actions

When enabled, the report will display only relevant authorizer actions.



Search requests

Purpose: Advanced search of and statistics about current and archived requests.

Executable : requests

Table 6. Search requests report search criteria

Criteria

Description

Request ID

Type the ID of the request for which you want to run the report.

Pre-defined request ID

Select one or more pre-defined request IDs from the drop-down list to display information related to specific pre-defined requests in the report output.

Requester ID

Type the profile ID of the requester for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

Requester attributes to display

Select one or more profile attributes if you want to display extra information about the requester in report output.

Recipient ID

Type the profile ID of the recipient for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

Recipient attributes to display

Select one or more profile attributes if you want to display extra information about the recipient in report output.

Authorizer ID

Type a profile ID that matches the authorizer for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is the authorizer who was originally assigned to the request.

Actual authorizer ID

Type a profile ID that matches the "actual authorizer" for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is the user who reviewed or acted on an access change request, and is not necessarily the authorizer who was originally assigned to the request.

Authorizer attributes to display

Select one or more profile attributes if you want to display extra information about the actual authorizer in report output. If the Actual authorizer ID is blank, the attributes related to the Authorizer ID will be used.

Implementer

Type a profile ID that matches the implementer for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is the implementer who was originally assigned to the request.

Actual implementer ID

Type a profile ID that matches the "actual implementer" for whom you want to run the report. Alternatively, you can search for one or more profile IDs.

This is the user who manually fulfilled an access change request, and is not necessarily the implementer who was originally assigned to the request.

Implementer attributes to display

Select one or more profile attributes if you want to display extra information about the actual implementer in report output. If the Actual implementer ID is blank, the attributes related to the Implementer ID will be used.

Check entry date

Choose a date range for when the request was submitted.

Filter results by last authorization date

Choose a date range for the last authorization date and time:

Location

Select one or more locations from the drop-down list to display information related to specific locations in the report output.

This search field will only be shown in the report search criteria when at least one location is defined in the inventory.

Item type

Select one or more item types from the drop-down list to display information related to specific item types in the report output.

This search field will only be shown in the report search criteria when at least one item type is defined in the inventory.

Request status

Select one or more statuses to include in the report. The request status is the state of the overall request.

Roles

Type an ID that matches the role for which you want to run the report.

Template ID

Select one or more template IDs from the drop-down list to display information related to specific templates in the report output.

This search field will only be shown in the report search criteria when at least one template is defined.

Group ID

Search for one or more managed groups. Alternatively, you can type the long ID of a managed group. Only requests that affect the specified groups are included in the report.

Target system ID

Type a comma-and-space-delimited list of target system IDs to only include requests that affect the specified target systems. Alternatively, you can search for one or more target systems.

Resource ID

Type a resource ID that matches the resource for which you want to run the report.

Operation

Select one or more operations to include in the report.

Requests open for a minimum of days

Type a number in this field to only include requests that are older than the specified number of days.

Display statistics for

Select the category for which you want to display statistics: requesters, authorizers, implementers, operations, target systems, groups, roles, templates, (request) status.

In this mode, the report output includes the number involved requests for each item. The default is "No summary".

Display subtotals

Select one of the "Subtotal by <period>" options to sort the report and show the number of total requests created by the time period selected. The time period is one of: week, month, quarter, or year.

The default is "No subtotals".

Graph type

Select a type of graph to generate for the summarized report. This option is hidden when selecting No summary for Display statistics for field.

  • None: no graph will be generated.

  • Horizontal bar chart: a horizontal bar chart will be generated for the summarized report.

  • Line chart: a line chart to connect each request. This option only shows when Operation is selected for the Display statistics for field, or any option other than No subtotals is selected for the Display subtotals field.

Number of rows for graph

The maximum rows for graph to display. The selected rows will be displayed with the number of requests in descending order.

Request attribute to search

Select a request attribute on which to filter requests.

Test

Select the comparator to apply on selected request attribute.

  • is equal to if you want Bravura Security Fabric to search on values equal to a specified string.

  • is not equal to if you want Bravura Security Fabric to search on values not equal to a specified string.

  • contains if you want Bravura Security Fabric to search on values that contain a specified string.

  • does not contain if you want Bravura Security Fabric to search on values that do not contain a specified string.

  • starts with if you want Bravura Security Fabric to search on values that start with a specified string.

  • does not start with if you want Bravura Security Fabric to search on values that do not start with a specified string.

  • ends with if you want Bravura Security Fabric to search on values that end with a specified string.

  • does not end with if you want Bravura Security Fabric to search on values that do not end with a specified string.

  • is greater than if you want Bravura Security Fabric to search on values that are greater than a specific string.

  • is greater than or equal to if you want Bravura Security Fabric to search on values that are greater than or equal to a specific string.

  • is less than if you want Bravura Security Fabric to search on values that are less than a specific string.

  • is less than or equal to if you want Bravura Security Fabric to search on values that are less than or equal to a specific string.

Value for request attributes

Type the value to compare with.

Request attributes to display

Select one or more request attributes to include in the report.

Show detailed report

The default is to have this option checked to display additional report details.



If you do not specify any search criteria, the report output contains details about all requests.

Click below to view a demonstration.

Requester and recipient affinity

Purpose: Frequency analysis of requester or recipient by profile attribute.

Executable: requestfrequency

Table 7. Requester and recipient affinity report search criteria

Criteria

Description

Check entry date

Choose a date range for when the request was submitted.

Pre-defined request ID

Select one or more pre-defined request IDs from the drop-down list to display information related to specific pre-defined requests in the report output.

Requester or recipient

Select requester or recipient for analysis

Profile attribute

Select one to three profile attributes that you want to add to the report output.

Value type

This field is displayed if a Profile attribute field is other than "Attribute not required". Select the value type of comparator to apply on the profile attribute.

  • is empty if you want Bravura Security Fabric to search on empty values.

  • is not empty if you want Bravura Security Fabric to search on non empty values.

  • is equal to if you want Bravura Security Fabric to search on values equal to a specified string.

  • is not equal to if you want Bravura Security Fabric to search on values not equal to a specified string.

Value

This field is displayed and required if a Value type field is set to is equal to or is not equal to . Type the value of the string to compare with.

This searches against the attribute’s stored string value in the database, regardless of attribute type.

Maximum number of requests

Type a positive integer to only display profile attributes that have total requests less than or equal to this integer. It must be greater than or equal to "Minimum number of distinct values" and is set to infinite (-1) by default.

Minimum number of requests

Type a positive integer to only display profile attributes that have total requests greater than or equal to this integer. It is set to 1 by default.

Graph type

Select a type of graph to generate for the report.

  • None: no graph will be generated.

  • Horizontal bar chart: a horizontal bar chart will be generated for the report.

Number of rows for graph

The maximum rows for graph to display. The selected rows will be displayed with the number of requests in descending order.



Participant response time

Purpose: Lists information about the responsiveness of participants in workflow processes based on the selected participant, date inputs, and request status.

Executable: requestresponse

Table 8. Participant response time report search criteria

Criteria

Description

Search by

Select which type or responses to report:

  • Authorizers responding to authorization requests

  • Implementers responding to implementation tasks

  • Reviewers responding to certification campaigns

<Participant> ID

The title of this option changes depending on how Search by is configured. Type a comma-and-space-delimited list of profile IDs that match the participants for whom you want to generate the report. Alternatively, you can search for one or more profile IDs.

Submit date

Choose a date range for when the request was submitted.

Request status by <Participant>

The title of this option changes depending on how Search by is configured. Select one or more statuses by which to filter requests, tasks, or campaigns.



Click below to view a demonstration.

Inactive requests

Purpose: Analysis of requests which have had no activity in N days. Lists all implementer tasks, and certification campaigns, and requests.

Executable: inactiverequests

Table 9. Inactive requests report search criteria

Criteria

Description

Requester ID

Type a comma-and-space-delimited list of profile IDs that match the requesters for whom you want to generate the report. Alternatively, you can search for one or more requester profile IDs.

Search by

Select the participant to search by:

  • Authorizers: report returns all requests that have been submitted but have not yet been handled by the authorizers.

  • Implementers: report returns all tasks that have not yet been handled by implementers.

  • Reviewers: report returns all certification campaigns that have not yet been handled by reviewers. All reviewers are displayed as single entries.

Authorizer ID

Type a comma-and-space-delimited list of profile IDs that match the authorizers to include in the report output. Alternatively, you can search for one or more profile IDs. Only shown when Search by is set to "Authorizers".

Implementer

Type a comma-and-space-delimited list of profile IDs that match the implementers to include in the report output. Alternatively, you can search for one or more profile IDs. Only shown when Search by is set to "Implementers".

Reviewer ID

Type a comma-and-space-delimited list of profile IDs that match the reviewers to include in the report output. Alternatively, you can search for one or more profile IDs. Configure whether the certification campaign is inactive because it is Waiting on:

  • Certification start : report returns all certification campaigns that have not yet been handled by the reviewers.

  • Certification end: report returns all certification campaigns that reviewers have handled but have yet to sign off.

Only shown when Search by is set to "Reviewers".

Waiting on

Select either "Certification start" or "Certification end" for when the report should be run against.

Submit date

Choose a date range for when the request was submitted.

Requests inactive for a minimum number of days

Type a number of days for the inactive request threshold. The default value is zero; the default setting allows a request to be recognized as inactive the same day it was submitted. This can be set to any number of days; for example, if set to 3 days then requests must be 3 days old before they are considered inactive.

Reference date

This date is the reference from which Requests inactive for a minimum number of days counts backwards to set the inactive request threshold.

Summarize report

Select this checkbox to summarize the report details.

Graph type

Select a type of graph to generate for the summarized report.

  • None : no graph will be generated.

  • Horizontal bar chart : a horizontal bar chart will be generated for the summarized report.

Number of rows for graph

The maximum rows for graph to display. The selected rows will be displayed with the number of requests in descending order.



Stuck requests

Purpose: Show requests that are on hold, and require administrative intervention.

Executable: requeststuck

Table 10. Stuck requests report search criteria

Criteria

Description

Report type

Select report type to select mode of the report details.

  • Show details: Report return all details associated with the suspended requests.

  • Show summary: Select this option to display single row per request that is suspended.

  • Subtotal report: Select this option to summarize the report details.

Submit date

Choose a date range for when the request was submitted.

Reference date

Specify a date to use as a reference for the stuck request threshold. Requests which are older than this reference date are considered to be stuck. The default value is the current date and time.

Graph type

Select a type of graph to generate for the summarized report.

  • None: no graph will be generated.

  • Horizontal bar chart: a horizontal bar chart will be generated for the summarized report.

Number of rows for graph

The maximum rows for graph to display. The selected rows will be displayed with the number of requests in descending order.



Escalated / Delegated requests

Purpose: Analysis of escalation and delegation of requests.

Executable: escalationsdelegations

Table 11. Escalated / Delegated requests report search criteria

Criteria

Description

Participant

Select a participant type:

  • Authorizer: includes requests escalated or delegated by authorizers.

  • Implementer : includes escalated or delegated requests that include an implementer.

  • Reviewer: includes delegated certification campaigns that include a reviewer.

Delegation trigger

Select the type of different triggers of escalation or delegation:

  • All

  • Escalation due to out of office or similar

  • Authorization took too long and was escalated

  • Request was manually escalated early

  • Escalation due to delegation acceptance timeout

  • Manually-initiated delegation

Delegation date type

If required, set the escalation or delegation date by selecting "Use selected date". Otherwise, set to "Date not required".

Delegation date

Specify a Delegation date type to use as a threshold. Requests that are older than the delegation date are evaluated by the report. The default value is the current date and time. This option is only available if Delegation date type is set to "Use selected date".

Request status

Select one or more requests statuses:

  • Needs to inform account authorizers

  • Needs authorization

  • Approved

  • Denied

  • Canceled

  • Approved, performing requested operations

  • Processed

  • On hold pending administrator intervention

Submit date

Choose a date range for when the request was submitted.

Minimum levels of delegation

Specify a value for the minimum level of delegation/escalation to be included in the report. For example: a value of 1 includes all levels, a value of 3 only includes levels 3 and up. Delegation levels indicate how many times something has been delegated. For example, userA delegating to userB, and then userB delegating to userC is a level 2 delegation.

Summarize report

Select this checkbox to summarize the report details.



Request popularity

Purpose: Analysis of the popularity of pre-defined request types, managed resources, operations and workflow participants. Popularity is calculated by counting and grouping requests by specified criteria.

Executable: requestpopularity

Table 12. Request popularity report search criteria

Criteria

Description

Reporting mode

Select a reporting mode:

  • Pre-defined request types

  • Operations

  • Recipients profiles

  • Requesters

  • Authorizers

  • Implementers

  • Reviewers

  • Target systems

  • Groups

  • Roles

Resource type

Select a resource type:

  • Target system

  • Template account

  • Role

  • Managed group

  • Approved exception to segregation of duties rules

    This option is only displayed if Reporting mode is set to Operations .

Target system ID

Search for or type a target system ID. This option is only displayed if Resource type is set to either Target system, Template account, or Managed group.

Managed groups

Search for or type a managed group ID. This option is only displayed if Resource type is set to Managed group, or Reporting Mode is set to Groups .

Submit date

Choose a date range for when the request was submitted.

Minimum frequency

Specify a value for the minimum number of times that a specified request value must be counted in order for it to be included in the report output. The minimum value is 1; the default value is 2.



Click below to view a demonstration.

Requests by status

Purpose: Analysis of requests that have been processed by the Bravura Security Fabric.

Executable: requestsByStatus

Table 13. Requests by status report search criteria

Criteria

Description

Pre-defined request ID

Select one or more pre-defined request IDs from the drop-down list to display information related to specific pre-defined requests in the report output.

Check entry date

Choose a date range for when the request was submitted.

Requester ID

Type a comma-and-space-delimited list of profile IDs that match the requesters for whom you want to generate the report. Alternatively, you can search for one or more requester profile IDs.

Recipient ID

Type a comma-and-space-delimited list of profile IDs that match the requesters for whom you want to generate the report. Alternatively, you can search for one or more requester profile IDs.

Request status

Select one or more requests statuses:

  • Calculating authorizers

  • Needs authorization

  • Approved

  • Denied

  • Canceled

  • Unapproved

  • Approved, performing requested operations

  • Processed

  • On hold pending administrator intervention

  • Request unposted

Operation result

  • Pending fulfilment

  • Abort

  • Success

  • Waiting to process request

  • Resource required due to role assignment

  • Fail

  • Processed



In this section: