Skip to content

Exporting Risk Analysis Data

Use Data Export to extract a complete copy of all reporting data from any completed Risk Analysis that is available via Online Reports into a portable, GZIP-compressed SQLite database. This gives you offline access to all details needed for compliance audit evidence when you need to provide immutable analysis results with metadata; validated, full-result details of your implementation; and the ability to complete deep-dive analyses using external reporting tools.

Downloading an Export

To download a data export from Access Risk Management:

  1. Go to Online Reports > User Based Reports or Role Based Reports.
  2. Select Analysis Selector at the upper right.
  3. The Analysis Selector modal lists all available Risk Analyses. Locate the analysis you want and select Export from the left column of that row.
  4. You will be redirected to Activity History > Data Exports. The status of your export updates to Success when the job is complete.
  5. Select Download to download the data.

Export File Contents

The downloaded data export file is a GZIP-compressed SQLite database, containing four tables: Analysis Properties, Properties, Role Based Hit Details, and User Based Hit Details.

Analysis Properties

The Analysis Properties table stores high-level metadata about the exported Risk Analysis. This table is critical for understanding the context of the results. Properties include:

  • Total User Analysis Detail Records - Count of all user-based hit rows at the authorization object field value level.
  • Total Role Analysis Detail Records - Count of all role-based hit rows at the authorization object field value level.
  • Analysis Date - Timestamp when the analysis was executed.
  • Total Unique User-Risks - Number of distinct user risks identified. For example, 1 user with 10 risks = 10 user-risks, or 10 users with 1 risk each = 10 user-risks.
  • Number of Rules Analyzed - How many risks from the rulebook were analyzed as part of the Risk Analysis.
  • System Name - SAP system analyzed (e.g., S4H_GOLD).
  • Role Utilization From/To Date - Date range used to calculate the Action Execution Count and Action Last Executed Date columns.
  • Rulebook Name - Version of the rulebook used (e.g., MSRB_BASELINE.xlsx).
  • Number of Users Analyzed - Total users included in the Risk Analysis.
  • Number of Roles Analyzed - Total roles included in the Risk Analysis.
  • Analysis Name - Name specified when scheduling the Risk Analysis.
  • Analysis ID - Unique ID of the Risk Analysis.

Properties

The Properties table is a mapping of each exported table to its row counts and export timestamp. You can use this information to validate how many rows were exported and when the export was performed.

Role Based Hit Details

The Role Based Hit Details table contains reportable details for inherent role risks in SAP single and composite roles. Columns include role type, analyzed role, child role, business function, action, authorization object and field, and execution details inferred from any users assigned to the role.

User Based Hit Details

The User Based Hit Details table contains reportable details for user-specific risks. Columns include user information (username, full name, group, active or locked status), role assignments, business function, action, authorization object and field values, execution data, and mitigating controls.

Using a Data Export with SQLite

To start using your data export with SQLite:

  1. Uncompress the .gz file using any available file compression utility.
  2. Install a free tool such as the open source DB Browser for SQLite.
  3. Open the downloaded SQLite .db file using the SQLite DB browser.
  4. Use the Browse Data tab to explore the table details.
  5. Use the Execute SQL tab to run SQL queries.
  6. Optionally, you can export the results into CSV format by going to File > Export > Table(s) as CSV files.

Note

Any dataset over a million rows can’t open in Excel until you filter the results to be under the million-row limit.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.