Regarding search query in sailpoint isc . I need some search query for fetching the log report for roles and entitlements. The report should also include the role or entitlement on which the action(add, remove) has been performed.
Hi @sumav
To get actions on roles or entitlements, filter by type:"ENTITLEMENT_CHANGE" or type:"ROLE_CHANGE". Use additional filters like action:"ADD" or action:"REMOVE" to narrow results. Also include modified.date and target.name fields to get timestamps and object names. Example query:
type:"ENTITLEMENT_CHANGE" AND action:"ADD"
Thanks
Manvitha.Nalabolu
Hi @sumav,
Adding to @ManvithaNalabolu06 reply, here’s a more direct breakdown for fetching entitlement and role activity in SailPoint ISC…
Search Query Examples:
Entitlement added:
type:“ENTITLEMENT_CHANGE” AND action:“ADD”
Entitlement removed:
type:“ENTITLEMENT_CHANGE” AND action:“REMOVE”
Role assigned:
type:“ROLE_CHANGE” AND action:“ADD”
Role removed:
type:“ROLE_CHANGE” AND action:“REMOVE”
Suggested Fields to Include:
target.name – Role or entitlement name
actor.name – Initiator of the action
modified.date – Timestamp of the change
source.name – Source system (optional)
type, action – For context and filtering
Have a nice and great one!
Regards,
Mustafa
1 Like