Segregation of duties reports
Approved exceptions to rules violations
Purpose: Report on users with approved exceptions to SoD rules violations.
Executable: sodexceptions
Criteria | Description |
|---|---|
Report type | Select the type of report:
|
Segregation of duties rules | Enter one or more SoD rules to include in the report. All SoD rules are included by default. |
User ID | Type a user's profile ID to only list exceptions that apply to that user. Alternatively, you can search for one or more profile IDs. |
Summarize report | Select this checkbox to summarize the report details. In this mode, the report output contains approved exceptions for each user. Statistics show the SoD rule that the user has been approved for. |
Column | Description |
|---|---|
User ID | The profile ID of the user with the exception. |
User name | The full name of the user. |
Rule ID | The SoD rule identifier. |
Rule description | The description of the SoD rule. |
Rule status | Whether the approved exception is currently valid. Possible values: Valid, No longer valid. |
Column | Description |
|---|---|
User ID | The profile ID of the user with the exception. |
User name | The full name of the user. |
Rule ID | The SoD rule identifier. |
Rule description | The description of the SoD rule. |
Member type | The type of entitlement: managed group, template, or role. |
Member description | A description of the member entitlement. |
Approved exception date | The date the exception was approved. |
Approved exception expiry | The expiry date of the approved exception. |
Requester reason | The reason provided by the requester for the exception. |
Exception authorizer | The user who authorized the exception. |
Authorizer notes | Notes provided by the authorizer. |
Rule status | Whether the approved exception is currently valid. Possible values: Valid, No longer valid. |
Column | Description |
|---|---|
Rule ID | The SoD rule identifier. |
Rule description | The description of the SoD rule. |
Count | The number of users with approved exceptions for this rule. |
Segregation of duties rules
Purpose: Lists member entitlements and authorizers for exceptions to SoD policy.
Executable: sodrules
Criteria | Description |
|---|---|
Segregation of duties rules | Select one or more SoD rules to include in the report. All SoD rules are included by default. |
Template accounts | Select one or more template accounts. Only SoD rules that contain the specified template accounts are included in the report. |
Managed groups | Type the long ID of one or more managed groups for which you want to run the report. Only SoD rules that contain the specified groups are included in the report. Alternatively, you can search for one or more target systems. |
Roles | Select one or more roles. Only SoD rules that contain the specified roles are included in the report. |
Show authorizer | Select this checkbox to generate a report listing the authorizers for each matching SoD rule. |
Show deprecated | Select this checkbox to include only deprecated SoD rules in the report. |
Column | Condition | Description |
|---|---|---|
Rule ID | Always | The SoD rule identifier. |
Rule description | Always | The description of the SoD rule. |
Deprecated | Show deprecated is selected | The date the rule was deprecated. |
Member type | Always | The type of SoD rule member: managed group, template, or role. |
Member ID | Always | The identifier of the member entitlement. |
Member description | Always | A description of the member. For managed groups and templates, this is the target system name followed by the group or template name. For roles, this is the role description. |
Column | Condition | Description |
|---|---|---|
Authorizer source | Always | The source of the authorizer: Explicit or User class. |
Rule ID | Always | The SoD rule identifier. |
Rule description | Always | The description of the SoD rule. |
Deprecated | Show deprecated is selected | The date the rule was deprecated. |
Authorizer ID | Always | The profile ID of the authorizer. |
Authorizer name | Always | The full name of the authorizer. |
Phase | Always | The authorization phase the authorizer belongs to. |
Segregation of duties rules violations
Purpose: Users in violation of SoD rules policy, and the rules that they have violated.
Executable: sodviolator
Criteria | Description |
|---|---|
Report type | Select the type of report:
|
Segregation of duties rules | Select one or more SoD rules to include in the report. All SoD rules are included by default. |
User ID | Type a user's profile ID to only list violations that apply to that user. Alternatively, you can search for one or more profile IDs. |
Show deprecated | Select this checkbox to include deprecated SoD rules in the report. |
Column | Description |
|---|---|
User ID | The profile ID of the violating user. |
User name | The full name of the violating user. |
Rule ID | The SoD rule identifier. |
Rule description | The description of the SoD rule. |
This table applies to the "List of segregation of duties policy violators", "List ... with insufficient approved exceptions", and "List ... with no approved exceptions" report types.
Column | Description |
|---|---|
User ID | The profile ID of the violating user. |
User name | The full name of the violating user. |
Rule ID | The SoD rule identifier. |
Rule description | The description of the SoD rule. |
Member type | The type of entitlement causing the violation: managed group, template, or role. |
Member description | A description of the member entitlement. |
Approved exception date | The date the exception was approved, if applicable. |
Approved exception expiry | The expiry date of the approved exception, if applicable. |
Requester reason | The reason provided by the requester for the exception. |
Exception authorizer | The user who authorized the exception. |
Authorizer notes | Notes provided by the authorizer. |
Column | Description |
|---|---|
Rule ID | The SoD rule identifier. |
Rule description | The description of the SoD rule. |
Count | The number of users in violation of this rule. |