Reviewing What If Analysis Results
To view user, role, and composite role What If results, select View next to your analysis in Activity History or go to WHAT IF ANALYSIS > RESULTS and select View. To download the analysis as an .xlsx file, select Download.
Analysis results show a high-level summary view and the authorizations that make up the risk or role. You can also see the number of unmitigated risks for pre-existing conflicts and for new conflicts.
Select the Download icon to download the report as an .xlsx. Select the Comment icon to add a comment about a specific item in the report or select the Book icon to see more granular information about the permission changes in the analysis.
To return to the summary view from the detailed view, select the Refresh icon in the upper-right corner.
Viewing User What If Analysis
The User What If analysis identifies the risks that surfaced by changing a user's roles.
This analysis shows these key data points:
-
Risk rating - The level of risk associated with the role assignment.
-
Conflict Source - Identifies if the risks are new or pre-existing. The three possible values are:
-
Existed Before Changes - The risk was already present based on the user's previous access.
-
Caused By Changes - This change introduces a new risk.
-
Gone After Changes - The user will no longer have the access that created this risk.
-
-
Business Function Hits - This shows a total of every single "hit," or authorization object, within the business functions. The different categories for the business function hits are:
-
Existed Before Changes - The user already had access to these authorizations.
-
Caused By Changes - The user will have these new authorizations if the proposed changes are applied.
-
Gone After Changes - The user will no longer have access to these authorizations if the proposed role changes are applied.
-
Select the Book icon to see more information about the permissions, including the hit source, function code, object, field, and more.
Viewing Single Role What If Analysis
The single role What If analysis identifies the risks that surfaced by adding transaction codes to a role, including these key data points:
-
Risk rating - The level of risk associated with the transaction code assignment.
-
Conflict Source - Identifies if the risks are new or pre-existing. The two possible values are:
-
Existed Before Changes - The risk was already present based on the role's previous access.
-
Caused By Changes - The change introduces a new risk.
-
-
Business Function Hits - This shows a total of every single "hit," or authorization object, within the business functions. The different categories for the business function hits are:
-
Existed Before Changes - The role already had access to these authorizations.
-
Caused By Changes - The role will have these new authorizations if the proposed changes are applied.
-
Gone After Changes - The role will no longer have access to these authorizations if the proposed changes are applied.
-
Select the Role Reporting tab to see more specific information about the rules and their effect on the roles.
Select the Book icon on either tab for more information about the hit source, function code, object, field, and more.
Viewing Composite Role What If Analysis
The composite role What If results show changes to the inherent risk within the role and the impact on users when roles are removed or added from the composite. See the Viewing Single Role What If Analysis for more details.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.