Scheduling Jobs

Use Schedule Jobs to schedule reporting jobs to run either one time or on a cadence that you define. This option is available in the left navigation for the following jobs:

• Security Extract
• Utilization Extract
• Risk Analysis - NEW
• Risk Snapshot
• User Analysis
• Role Analysis

Security Extract

Refer to Scheduling Security Extracts.

Utilization Extract

Refer to Scheduling Utilization Extracts.

Risk Analysis NEW

If you are taking advantage of the Fiori-enabled capabilities within Access Risk Management, the risk analysis is generated slightly differently and it includes SOD and Sensitive Access analyses. You can use the risk analysis for reporting as well as What If functionality.

To run a risk analysis:

1. Go to Schedule Jobs > Risk Analysis.

2. Use the Repeat dropdown to indicate whether this is a one-time job or scheduled to reoccur. Options are Do not repeat, Monthly, Weekly, or Daily.

   • When you select Do not repeat, use the calendar selector to indicate the specific date range to include in the risk analysis. Use the Security Extract selector to choose which extract to apply.
   • When you select a recurring option, such as daily, weekly, or monthly, the utilization period is determined by your selection and a live security extract is used.

   Tip

   Schedule Utilization Extracts to run on the same schedule, ideally 30-60 minutes before the Risk Analysis.

3. Use the Rulebook dropdown to select a rulebook to apply to your risk analysis.

   Note

   Risk Analysis only works with one of the new rulebooks, available under Risks > Rulebooks > Multi-System Rulebooks.

4. In the Extract field, use the Edit icon to choose an extract. If you want to remove it, select Clear.

5. Utilization Data Range defaults to one year. Select the calendar icons to customize your date range.

   Note

   Utilization data is pulled from the SAP Security Audit Log (SM20). If the data does not exist in SAP, it cannot be extracted.

   Make sure to use an Access Risk Management agent released in July 2024 or newer.

   Existing customers prior to July 2024 need to schedule utilization extracts in order to import data from the SAP Security Audit Log, since that is the new source for all utilization data.

   Here’s how:

   Once you’ve configured your agent, schedule utilization extracts for each of the prior months. After running those jobs and extracting the data you need from the new data source, your new risk analyses will include the appropriate data.

   If you need assistance, contact support.

6. Select Submit.

Risk Snapshot

All online reports are part of the Risk Snapshot. To schedule this job, select Schedule Jobs > Risk Snapshot.

The following information needs to be populated to schedule a risk snapshot:

• Repeat - Used to determine if this is a one-time job or scheduled to reoccur. The options are to not have it repeat and just run once, or schedule it to run monthly, weekly, or daily.

  SailPoint recommends running the risk snapshot at least monthly to ensure you are capturing the historical information around user access and monthly utilization data since SAP only retains it for three months.

  Many organizations choose to run the snapshot more frequently, such as weekly if weekly transports to production are done or even daily if a project is taking place that has constant updates being made in SAP.

Note

If you schedule a job to run on a recurring basis, the Security Extract and Utilization Extract can only be set to use live data.

You can review all recurring jobs by selecting Recurring Tasks from the left navigation.

• Report Name – Enter a name or review and accept the default report name. The default includes the date/time, user who scheduled the job, and the rulebook included.
• Email when done - Email to receive notification of completion of the risk snapshot job. This defaults to the user who is scheduling the snapshot.
• Security Extract - Select if you want to use live data, which will run a new security extract to base the snapshot on, or a previously completed security extract.

Note

The Use Live Extract option schedules a new security extract to be run as part of this job. It must complete before the scheduled job can continue, so it can take a bit longer than using an existing extract.

• Rulebooks - Select which rulebook(s) to use for the analysis.
• Months of Utilization - Select how many months of utilization to include on the snapshot. This defaults to the maximum, which is 12 months, or you can select a shorter time.
• Live Utilizations - If selected, the system will run a new utilization extract for any months missing within the period selected to include. Note that SAP stores this data for three months by default so you will most likely get blank extracts for months older than three.
• Include Types and Statuses - Select the checkboxes next to the types and statuses you want to include

After you select Submit, you can view the status of your snapshot report on the Activity History page.

User Analysis

A User Analysis creates a downloadable archive that includes .db and .json files with security analysis information for the users selected.

To schedule this job, select Scheduled Jobs > User Analysis. The following information needs to be populated to schedule the user analysis:

• Repeat - Used to determine if this is a one-time job or scheduled to reoccur. You can choose to run the job once or schedule it to run monthly.

Note

If you schedule a job to run on a recurring basis, the Security Extract and Utilization Extract can only be set to use live data.

You can review all recurring jobs by selecting Recurring Tasks from the left navigation.

• Analysis Name - Enter a name or review and accept the default analysis name. The default includes the type of analysis, email of the user who scheduled the job, environment, and the date/time.
• Security Extract - Select whether you want to use live data, which will run a new security extract to base the snapshot on, or a previously completed security extract.

Note

The Use Live Extract option schedules a new security extract to run as part of this job. It must complete before the scheduled job can continue, so it can take a bit longer than using an existing extract.

• Rulebooks - Select which rulebook(s) to use for the analysis.
• Include Types and Statuses - Select the checkboxes next to the types and statuses you want to include.
• Users Selection - Use the Include, Exclude, and +Add Users buttons to select who to include.

After you select Submit, you can view the status of your job on the Activity History page.

Role Analysis

A Role Analysis creates a downloadable archive that includes .db and .json files with security analysis information for the roles selected.

To schedule this job, select Scheduled Jobs > Role Analysis. The following information needs to be populated to schedule the role analysis:

• Repeat - Used to determine if this is a one-time job or scheduled to reoccur. You can choose to run the job once or schedule it to run monthly.

Note

If you schedule a job to run on a recurring basis, the Security Extract and Utilization Extract can only be set to use live data.

You can review all recurring jobs by selecting Recurring Tasks from the left navigation.

• Analysis Name - Enter a name or review and accept the default analysis name. The default includes the type of analysis, email of the user who scheduled the job, environment, and the date/time.
• Include Types and Statuses - To include unassigned roles in the analysis, select the Unassigned Roles checkbox.
• Security Extract - Select if you want to use live data, which will run a new security extract to base the snapshot on, or a previously completed security extract.

Note

The Use Live Extract option schedules a new security extract to run as part of this job. It must complete before the scheduled job can continue, so it can take a bit longer than using an existing extract.

• Rulebooks - Select which rulebook(s) to use for the analysis.
• Roles Selection - Use the Include, Exclude, and +Add Roles buttons to select who to include.

After you select Submit, you can view the status of your job on the Activity History page.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.