I need a query for the below requirement:
Can you go through the below documentation, which has audit event search queries inside it, to help implement your search query?
This query will return the events of role changes that occurred in the last 30 minutes:
technicalName:"ROLE_UPDATE_PASSED" AND created:[now-30m TO now]
The target column in the resulting events is the name of the role.
Thanks
Sid
Hey, thanks @sidharth_tarlapally. You mean this will give us role changes? By role change, do you mean a new role assigned to a user or removed from a user?
You can use a query like the one below:
@accountRequests(attributeRequests.op:"Add" AND attributeRequests.name:"assignedRoles" AND attributeRequests.value:"ROLE_NAME" AND source.name:"IdentityNow") AND created:[now-30d TO now]
I am not getting anything when I searched that query.
@accountRequests(attributeRequests.op:"Add" AND attributeRequests.name:"assignedRoles" AND attributeRequests.value:"ROLE_NAME" AND source.name:"IdentityNow") AND created:[now-30d TO now]
Please update ROLE_NAME in the above query as per your requirement, or use the below query if you want to get results for all roles:
@accountRequests(attributeRequests.op:"Add" AND attributeRequests.name:"assignedRoles" AND source.name:"IdentityNow") AND created:[now-30d TO now]
No, this will provide events related to changes made to a role, such as:
- Role name updates
- Description changes
- Entitlements or access profiles being added or removed
Based on your stated requirement, this should meet your need. Please let me know if this isn’t what you were referring to.
Have you tried using this query?
Hi @Rakesh_Singh_1234 ,
You can look for the technical name if you are looking for a specific type of event. Otherwise, you can paste the role name in double inverted commas "role name" and it will give you all events in search.
In order to receive it periodically, SailPoint allows a daily schedule of one hour with the UI.
Hope it helps.
Kind regards,
Aayush

