I am planning to extract following data from Identity IQ via either reports or SQLs(as last option). Could you please let me know what best options I have to exact the data?
Identity name, list of entitlements have outside of the roles (not 100% sure, those are called exceptions). If I could get this data either in a Single report or multiple reports and use excel for further conversion is also fine.
If I could not get this using a single report. I am planning to get the list of entitlements an Identity have into ONE report, 2nd report to pull the business roles and all the associated entitlements(via IT roles) and then get the difference. I feel, 2nd report seems to be complicated as there are lot of levels as there multiple tables are involved to get the roles report.
I have used the API at my previous organization but unfortunately that is not an option my current organization wanted to follow. Please let me know if there are any easier ways to pull this info.
Please let me know if you need any more information.
You can create a custom report by using QueryOption and Filter object and collect the data you need in String List and then use Email Attachment and EmailOptions to sent the collected report over email as attachment.
Hey @venus , If I’m not wrong then wont a report with just the identity and its entitlement in a particular application fulfil your requirement instead of getting two reports and then comparing it. I would say you also think about a rule runner task which can look into getting entitlements of the identities in the particular application (which you are looking for) put that in a csv and send that in csv over an email.
The best approach will be to use Identity IQ Reports. The Datasource object can be IdentityEntitlements and filter with grantedByRole equals to false to get the users and their entitlements which are not assigned by Role.
Thanks you for your suggestion, I tried custom report with the link you have shared. I noticed strange issue with my DB. I ran the below query just to validate my report, but does not return any results. Is there anything wrong with our environment?
SELECT * FROM spt_identity_entitlement where granted_by_role=1;
There is no impact even though to report though I use the filter by grantedByRole.
That is strange.
It should be having values if you have entitlements assigned via role. And how is the report returning results if you are having the same criteria?
There is also an option to start a certification (manager or application) with the following options:
Using a certification (Access Review) you keep the data within IdentityIQ and have it assigned to a person to review. It also provides a way to make decisions on which additional entitlements are allowed or should be removed.
I wanted to get the list of IT roles and their associated entitlements. Can I use RoleEntitlement as a datasource and build a custom report to pull this info?
Basically, I wanted below fields.
RoleName, Entitlement(Value and Name), ApplicationName.
Have you looked at the OutOfTheBox report ‘Role Profiles Composition Report’ ?
If you want to split the entitlements into app - property - value, I would suggest to create a Java Source report, which gives full control on what you want and how it will look etc.
