Need Specific Report

Identity Security Cloud (ISC) ISC Discussion and Questions
, , ,
1

Hi Folks,

I am looking after generating report in Sailpoint based on below fields:

  1. SailPoint Role Name,
  2. User Name,
  3. User Business Unit,
  4. User Team,
  5. User’s Manager Name,
  6. Indication of whether this SailPoint role is part of an established team bundle

What’s the best way to set this report via search query to be send to user on daily basis?

2

Hi Maninder,

Unfortunately, you cannot combine attributes from two different search indices (identities and access) into one query natively in SailPoint. I can think of three options to generate this report:

  1. Create a search subscription report per role (ie. @access(type:ROLE and name:)) - then you include the identities’ user name, business unit, team columns in the report
  2. If you export this data to an external datalake (databricks, snowflake, etc) then you can write a sql query to join this data and generate a report
  3. Schedule a script to pull identities and their roles. Then generate a csv from this script to send in an email

Thanks,

Liam

3

Are you looking for this information from all roles, or from a Specific Role? As @liamkokeeffe mentioned, if this is a specific role, you can use his first suggestion.

If you could provide more detail as to what you want the output to look like, that would be helpful.

Also, I assume that User Business Unit, User Team and the idea of “Established Team Bundle” are custom attributes/configuration for your system, so if you could give a little more detail into how those related to eachother, that would be helpful as well.

1 Like
4

Thanks Liam, but the variable is not a valid string in Search –> “type:ROLE”.

Also trying to get access profile from roles API so I can check the Point 6 to identify if its part of any bundle role or not, but again constraint since the postman wont give all the roles details due to limit of 250 roles at a time.

5

Thanks Geoff,

I want to extract role names contains specific word like “ADS” and get such details. Manually able to extract and vlookup it. But thinking of a way how to use API or search query to get data at once.

Also, needed to check if those specific names are part of any bundle roles or not and the date when this role is provisioned to user.

6

@msingh39 Entire list of roles of your tenant can be extracted via list-roles | SailPoint Developer Community , and saved in some file (but watch out for pagination if your tenant consists more than 50 roles, you’ll need to include offset of 50 in the API call).

After that, you can extract the role names (via script, programmatically).

If User Business Unit, User Team, team bundle are actually “criteria“ which certain birthright role contains, and something you want to search roles by as well (on top of “if role contains ABC in name“), that can be done as well using script.

But you can provide more details in case of misunderstanding as @gmilunich mentioned.