Entitlement Search
Use the Entitlement Search page to generate searches based on the entitlements or application object types in your enterprise. These searches can find application objects by attribute, owner, value, application, type, target, rights, annotation, or any combination of that criteria.
See Entitlement Search Criteria.
Search results can be saved as reports for reuse. When you save a search as a report, you can schedule the search on a continuous basis for monitoring and tracking purposes. See Report Use(LINK IN DOC).
Entitlement searches that are saved as identity searches are only available from the Identity Search page. If you save an entitlement search as an identity search, the filters are converted to work on identity pages. The new search results include the identities that are in associated with the application objects for the original search.
Use Advanced Search to create detailed, multi-layered filters to identify specific populations of users in your enterprise. To create complex queries into your Identity Cubes, you can create multiple filters and then group and layer them using And / Or operations.
See Using Advanced Search Options.
When a previous search is saved to use later, the Saved Searches section displays at the top of the page. A saved search has the following information:
| Field | Description |
| Saved Searches: | |
| Search Name | The names of past searches that you saved to reuse at a later time. To view the search results page, click the name of the saved search to view the search results page. These Saved Searches are only available for your use. To make identity searches available to users with Report access, save the search as a report. |
| Loaded Saved Search: | |
| The name and description of your current saved query. | |
Entitlement Search Criteria
The search fields are inclusive or "AND" type searches. Only actions matching values specified in all fields are included in the search results.
To limit the search results, use search criteria. If you do not type information or make a selection in a search criteria field, all possible choices are included. For example, if you do not provide a type in the Type field, all application object types are included.
Specify the search criteria and columns to display and click Run Search to display the search results. From the search results page, you can review the results of your search and save the search. See Search Results(LINK IN DOC).
The Entitlement Search page has the following information:
| Criteria | Description |
| Saved Searches: | |
| Search Name | These Saved Searches are only available for your use. The names of past searches that you saved to reuse at a later time. |
| Loaded Saved Search: | |
| The name and description of your current saved query. | |
| Run Search | If you have modified the criteria of the Loaded Saved Search, the modified criteria is used for the search. Run the search with the criteria that is displayed on the current page. |
| Clear Search | Unload the Loaded Saved Search and clear all query options. |
| Delete Search | Delete the specified Loaded Saved Query. |
| Account Group Attributes: | |
| Attribute | Type the name of an attribute to include in the search. |
| Owner | Type the entitlement owner to include in the search. Click the arrow to the right of the suggestion field to display a list of all possible owners or type a few letters in the field to display a list of possible owners that begin with that letter string. |
| Value | The value assigned to the attribute on an application. |
| Application | Select the applications to include in the search for entitlements. If nothing is selected, all application are included. |
| Type | Select the application object type to include in the search. If no application is specified all application object types from all applications are included in this list. If no application object types are specified, all are included in the search. |
| Classification | Classifications can identify entitlements as potentially allowing access to sensitive, protected, or otherwise significant data. Choose any classifications to include in the search. |
| Effective Access | Limit the search to the specific effective access list. Effective Access is any indirect access that was granted through another object. For example a nested group, an unstructured target, or another role. |
| Elevated Access | Allows the results to be filtered for the Elevated Access attribute. |
| Target | The specific target on an application to include in the search. Use the target filter to narrow the search results based on a specific application. |
| Rights | The rights associated with an entitlement on the target attribute. For example, create, read, update, delete, execute. |
| Annotation | The annotation field is an open field that you can use to add information to help describe permissions. |
| Searchable Attributes: | The extensible entitlement attributes marked as searchable in the entitlements catalog. |
| Fields to Display: | |
| Fields to Display | Specify the information displayed on the Entitlement Search Results page associated with this search. Each field defines a column on the results table. You must select at least one field to display on the results page. |