Search Identities and their accesses

zeel_sinojia · September 13, 2024, 3:26pm

Hello,

We are trying to get a report using Search which has information of the User and their access.

E.g.,
User1 AccessProfile1
User1 Entitlement1
User2 AccessProfile1
User2 AccessProfile2
User2 AccessProfile3
User3 Entitlement1

The query I am using for this is:
@access(source.name.exact:"SOURCE_NAME")

However this query is returning me every access user has irrespective of the source.

I am not sure if my query is incorrect or the data is supposed to look like this only.

What should be the correct query or way to prepare such kind of data?

shekhardas1825 · September 13, 2024, 3:32pm

You can prepare a search which will give you list of users as you expecting and then you will see an option to download with access items in drop down

zeel_sinojia · September 13, 2024, 3:40pm

Hey @shekhardas1825 ,

Yes I am aware of that. The only issue is the report has data from all the sources. There are around 20 sources and it is a lot of data.

My requirement is to fetch the user and their access information for only single source.

Thanks

gourab · September 13, 2024, 3:46pm

Hi @zeel_sinojia ,
In that case just use source.name.exact:“source_name” / source.name:“source_name” / source.id:“Source_id” instead and download the report

zeel_sinojia · September 13, 2024, 3:53pm

Hey @gourab,

I feel like I am already doing that, this is the query I used:
@access(source.name.exact:"SOURCE_NAME")

gourab · September 13, 2024, 3:55pm

Could you please try without @access and use source.id instead

zeel_sinojia · September 13, 2024, 3:57pm

That will give you all the access profile, entitlements and roles from that source. I need users who has the accesses from a particular source.

Edit: I tried the query you mentioned, as expected it gives me access profile and entitlements.

gourab · September 13, 2024, 4:19pm

Hi @zeel_sinojia ,
I see the issue , the query you are using will also give you other account details the user has. Instead search , a workaround could be get accounts api or directly download accounts from source itself.

shekhardas1825 · September 13, 2024, 4:23pm

@zeel_sinojia try below

@accounts(source.name.exact:“”) AND @access(name.exact:“<AccessProfile / entitlement>”)

using this you can get all the users with specific account and access.

You do not have to generate a report because you already specifying the access items, report will give you all the source and their access.

Save this search with required attributes and subscribe it you will get the list of users in table. Or Just download the user without access items as you are already filtering them in search query.

OR you can do below as well:

You can prepare a search which will give you list of users as you expecting
Enable “Include Access Details” from the drop down
Download the report and filter with source

Putting all aspects that I can think of

nikhleshsdg · September 13, 2024, 5:00pm

@zeel_sinojia,

I have tried earlier to get this data but could not find fetch as per this requirement, not sure of we can fetch data specific to this requirement.

shaileeM · September 13, 2024, 5:17pm

If there is no hard requirement to use the Search UI, you can explore to use PowerShell script which can call search API with @access(source.name.exact:"SOURCE_NAME"). Parse the response to drop the unwanted information and generate a csv report accordingly.

zeel_sinojia · September 18, 2024, 5:39am

The workarounds here works. I would just discuss those with the folks and work with one of the way.

I thought when I download the report from the search, it will download the same information as shown on the UI. On search UI, I can see proper details regarding number of accesses a user has from a particular account. I was downloading the report to get the actual access names. The data in the reports disregards the query and download the whole data.

Is this a bug or this is how it should behave?

shekhardas1825 · September 18, 2024, 6:37am

@zeel_sinojia This is how it behaves as you are selecting “Include Access Details” it will bring all the access it has but you can filter them with source name.

zeel_sinojia · September 18, 2024, 6:44am

Hey @shekhardas1825,

Okay. I just thought “Include Access Details” means the details I am getting on the UI, include only those details.

I feel it would be good to get the option to download the reports exactly I see on the UI. Just feels weird to write an query to fetch the curated data on the UI and then download the report and apply filters later on the CSV to get the data for which you already wrote a query.

system · November 17, 2024, 6:45am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to fetch ALL Access Profiles in a tenant with a search query? ISC Discussion and Questions identity-security-cloud , access-profiles	13	1369	October 22, 2023
Query report for all entitlements for a specific user ISC Discussion and Questions identity-security-cloud , reports , entitlements	4	76	December 7, 2024
All User Access Report ISC Discussion and Questions	3	952	July 19, 2023
Access profile reports with identities information ISC Discussion and Questions identity-security-cloud , access-profiles , reports	5	261	March 12, 2024
Search query in Identitynow to get list of source names ISC Discussion and Questions	3	1744	July 19, 2023

Search Identities and their accesses

Related topics