Data quality reports
Users with no managers
Purpose: Shows users who do not have a manager in the OrgChart.
Executable: usersnomanagers
Criteria | Description |
|---|---|
Report type | Select a report type:
|
The top manager is not considered a user with no manager.
Inconsistent account attributes
Purpose: Reports on users with corresponding account attributes that have inconsistent values.
Executable: inconsisacctattrib
Criteria | Description |
|---|---|
Attribute | Select one or more profile attributes for which to report inconsistencies. Attributes are only displayed here if they can be applied to a user profile (not request-only). |
User ID | Type the ID of the user for whom you want to generate the report. Alternatively, search for one or more user profile IDs for which to report inconsistencies. |
Invalid user attributes
Purpose: Reports on users with profile attribute values that do not meet validation rules.
Executable: invaliduserattr
Criteria | Description |
|---|---|
Attribute | Select one or more attributes from the list of profile attributes. By default, the report will search for all attributes. Attributes are only displayed here if they can be applied to a user profile (not request-only). |
Report type | Select a report type:
|
Disappeared groups
Purpose: Shows managed groups where the corresponding target system has disappeared.
Executable: disappearedgroups
Criteria | Description |
|---|---|
Target system ID | Type a comma-and-space-delimited list of target system IDs to list invalid managed groups from those systems. Alternatively, you can search for one or more target systems. |
Show resources | Select this checkbox if you want to display resources that use the disappeared group. |
Users with inactive roles
Purpose: Shows users with deprecated, disabled, or not assignable roles.
Executable: inactiveroles
Criteria | Description |
|---|---|
Roles | Type a comma-and-space-delimited list of roles to include in the report. Alternatively, you can search for one or more roles. |
Role status | Select one or more role statuses to include in the report:
|
Duplicate entries can appear in report output if you select multiple role statuses and a role has multiple statuses of invalidity, or a user has multiple roles which are in different statuses of invalidity.
For example, if a role is both deprecated and unassigned, and a user has both roles, then that user is reported twice.
Entitlements with invalid authorizers
Purpose: Reports on entitlements with invalid or insufficient authorizers.
Executable: invalidauthor
Criteria | Description |
|---|---|
Report type | Select a report type:
|
Entitlement type | This is the type of resource from which you want to list invalid or insufficient authorizers. Select an entitlement type:
|
Target system ID | Type a comma-and-space-delimited list of target system IDs to list entitlements from those systems. Alternatively, you can search for one or more target systems. This option is only displayed if Entitlement type is set to Target system , Template account , or Managed group . |
Managed groups | Type a comma-and-space-delimited list of managed groups to list entitlements for those groups. Alternatively, you can search for one or more managed groups. This option is only displayed if Entitlement type is set to Managed group . |
Roles | Select one or more roles. This option is only displayed if Entitlement type is set to Role and there is at least one role defined. |
Segregation of duties rules | Select one or more SoD rules. By default, all SoD rules are included in the report output. This option is only displayed if Entitlement type is set to Segregation of duties rules and there is at least one SoD rule defined. |
Include discovery templates | Select to include discovery templates for target systems. This option is only displayed if Entitlement type is set to Target system . |
Invalid reviewers
Purpose: Invalid reviewers assigned to active certification campaigns.
Executable: invalidcertifiers
Criteria | Description |
|---|---|
Campaign description | Type the description of one or more certification campaigns to only include those rounds in the report. Alternatively, you can search for one or more certification campaigns. |
Certification method | Select a value to only include saved configurations with a matching certification method. The possible values are:
|
Choose start date | Define a date range. |
Profile attribute histogram
Purpose: Show the distribution of profile attribute.
Executable: profileattrhistogram
Criteria | Description |
|---|---|
Profile attribute to analyze | The profile attribute which is used tally. |
Profile attribute to search | Select a profile attribute and the value to filter the users that are considered to be included in the results. |
Comparator | This field is displayed if a Profile attribute to search field is other than Attribute not required. Select the value type of comparator to apply on the profile attribute to search.
|
Value | This field is displayed and required if a Comparator field is set to is equal to or is not equal to . Type the value of the string to compare with. This searches against the attribute’s stored string value in the database, regardless of attribute type. |
User class ID | Select the single participant user classes to filter the users that are considered in the totals. |
Minimum value | The minimum value to include. |
Maximum value | The maximum value to include. |
Size of bands | The size of bands that are tallied. |
Graph type | The graph type to display the data bands. |
Profile attribute frequency
Purpose: For a given attribute or a set of two profile attributes, show all values (or combinations of two values) that appear at least a specified number of times. This includes individual values of multi-valued attributes as well as duplicate values where multiple values and duplicates are allowed for an attribute.
Executable: profileattrfreq
Criteria | Description |
|---|---|
Attribute | Enter the profile attribute for which to count the value frequency. |
Attribute value to search | Type the value of the profile attribute. |
Attribute | Optionally, enter the second profile attribute for which to count the value frequency in combination with the first one. |
Attribute value to search | This field is displayed if the second attribute is other than "Attribute not required". Type the value of the profile attribute. |
Minimum frequency | Enter the minimum appearance count for an attribute value to be displayed. |
Graph type | Select the graph type:
|
Number of rows for graph | The maximum rows for graph to display. The selected rows will be displayed with the frequency of attributes in descending order. |
Mismatched role assignments
Purpose: Lists roles per user where the user has been assigned the role and has some or all of the entitlements, but the correct information is not reflected in the Bravura Security Fabric database. For example, a user is assigned a role that includes only template accounts. A managed group is later added to the role, and the user is added to the group out of band. In this case the user meets the role requirements, but the database does not contain correct information.
Executable: mismatchedrole
Criteria | Description |
|---|---|
Reference role | The roles to show surpluses or deficiencies for. |
Show mismatch based on expanded role definitions | The mismatched items are expanded on sub-roles to display deficient and surplus entitlements. |
Users with missing accounts
Purpose: Lists users that do not have an account on a target.
Executable: missingaccounts
Criteria | Description |
|---|---|
UserID | Type the ID of the user or search to find a user for whom you want to generate the report. |
Attribute | Select a profile attribute from the drop-down list. A value is required once an attribute is selected. |
Target system ID | Type in the target system ID or search to find the target system to report users that do not have an account. |
Profile attribute coverage
Purpose: Show the number of times a given profile attribute is used.
Executable: profileattrcoverage
Criteria | Description |
|---|---|
Minimum number of distinct values: | Type a positive integer to display only profile attributes that have the "Number of distinct values" greater than or equal to this integer. It is set to 1 by default. |
Maximum number of distinct values (-1=infinite): | Type a positive integer to display only profile attributes that have the "Number of distinct values" less than or equal to this integer. It must be greater than or equal to "Minimum number of distinct values" and is set to infinite (-1) by default. |
Minimum percentage of users with a value (%): | Type an integer between 0 and 100 to display only profile attributes that have the "Percentage of users with a value" greater than or equal to this integer. It is set to 0 by default. For each profile attribute, the "Percentage of users with a value" is calculated as its "Number of users with a value" divided by "Number of users excluding console users and superusers". |
Maximum percentage of users with a value (%): | Type an integer between 0 and 100 to display only profile attributes that have the "Percentage of users with a value" less than or equal to this integer. It must be less than or equal to "Minimum percentage of users with a value" and is set to 100 by default. For each profile attribute, the "Percentage of users with a value" is calculated as its "Number of users with a value" divided by "Number of users excluding console users and superusers". |
OrgChart loop
Purpose: Lists loops in the source data (for example, the "manager" account attribute in an Active Directory system) used to build the OrgChart.
The results are returned as a path in the following manner: UserA, UserC, UserB, UserA
What this means is UserA is a manager of UserB, UserB is a manager of UserC, and UserC is a manager of UserA.
Executable: orgchartloop
Search Criteria: None
Group loops
Purpose: Lists cyclic groups found on target systems.
The results are returned as a path in the following manner: GroupA, GroupB, GroupC, GroupD, GroupE
What this means is GroupB is a member of GroupA, GroupC is a member of GroupB, and so on and so forth. The final group, GroupD is the owner of the first group, GroupA
Executable: grouploops
Criteria | Description |
|---|---|
GroupID | Type the ID of the group or search to find a group for which you want to generate the report. |
Target system ID | Type in target system ID or search to find target system to report all cyclic groups on that target. |
Resource attributes
Purpose: Returns resources based on their attributes.
Executable: resourceattributes
Criteria | Description |
|---|---|
Resource type | Select a resource type:
|
Resource attribute | Select a resource attribute on which to filter resources. You can select up to eight attributes. The union of all attributes configured will be returned. For detailed reporting, only the resource attributes for the resource type configured are available. For summarized reporting, all resource attributes are available. If no attributes are specified, the report lists all resources filtered by resource type. |
Comparison | This field is displayed if a Resource attribute field is something other than Attribute not required . Select the comparator to apply on the selected resource attribute. Comparators available depend on the resource attribute type.
|
Value | This field is displayed and required if a Comparison field is set to something other than is empty or is not empty . Type or select the value to compare. |
Resource attribute to display | Choose which resource attributes to display alongside the resources. |
Summarize report | Select this option to summarize the report. In this mode, the report includes a count of each resource type. |
If you do not specify any search criteria, the report output includes all resources.
Entitlements with invalid implementers
Purpose: Reports on entitlements with invalid or no implementers.
Executable: invalidimplementers
Criteria | Description |
|---|---|
Report type | Select a report type:
|
Entitlement type | This is the type of resource from which you want to list invalid or no implementers. Select an entitlement type:
|
Target system ID | Type a comma-and-space-delimited list of target system IDs to list entitlements from those systems. Alternatively, you can search for one or more target systems. This option is only displayed if Entitlement type is set to Target system or Managed group |
Managed groups | Type a comma-and-space-delimited list of managed groups to list entitlements for those groups. Alternatively, you can search for one or more managed groups. This option is only displayed if Entitlement type is set to Managed group . |
Template accounts | Select one or more accounts. This option is only displayed if Entitlement type is set to Template account and there is at least one template account defined. |
Include inherited implementers | Select to include implementers inherited from the target system. This option is only displayed if Entitlement type is set to Template account or Managed group . |
Include discovery templates | Select to include discovery templates for target systems. This option is only displayed if Entitlement type is set to Target system . |