Identity Entitlements Detail Report
Note: Including classifications in the Identity Entitlements Detail Report can impact performance. By default, classifications are included in this report, but you can remove them in the Report Layout dialog.
This report lists all identity entitlements – assigned and aggregated application entitlements, assigned and detected roles – and details about them. Some columns apply only to application entitlements, some apply only to roles, and some relate to both.
-
For application entitlements, the data displayed includes the application name and instance (if applicable), the attribute name and value, the account name, and whether it was directly assigned (e.g. requested through LCM) or whether it was granted indirectly by one or more of the Identity's roles.
-
For roles, the Attribute columns shows whether it was assigned or detected, and the Entitlement column shows the role name; the Allowed column is only ever "true" for detected roles which are allowed or required by an assigned role for the Identity.
Information about when they were last certified for the identity is shown for both types of records, as is the Source data (how the entitlement / role was granted to or found for the identity).
The detailed results of this report can be exported to a CSV or PDF file.
The Identity Entitlements Detail Report consists of the following sections:
-
Identity Entitlements Report Arguments – these options are described in the table below
All reports use a set of standard properties for basic information such as naming and descriptions, and for setting controls, such as scoping and requiring sign-off.
You must enter the following before running this report:
-
Name
For step by step instructions on creating or editing a report, see Working With Reports.
Identity Entitlements Report Arguments
The following criteria determines what information is included in this report. You can use any combination of options to build a report.
Note: Selecting NO options from a list indicates that ALL options in the list are included in the report.
Note: Use the Shift and Crtl keys to select multiple items from lists.
|
Option |
Description |
|
Identities |
Type in manually or use the dropdown list to select the identities to include in the report. If no identities are specified, all identities are included. |
|
Applications |
Type in manually or use the dropdown list to select the applications to include in the report. If no applications are specified, all applications are included. |
|
Attributes |
Type in manually or use the dropdown list to select the attributes to include in the report. If no attributes are specified, all attributes are included. |
|
Entitlements |
Type in manually or use the dropdown list to select the entitlements to include in the report. If no entitlements are specified, all entitlements are included. |
|
Accounts |
Type in manually or use the dropdown list to select the accounts to include in the report. If no accounts are specified, all accounts are included. |
|
Instances |
Type in manually or use the dropdown list to select the instances to include in the report. If no instances are specified, all instances are included. |
|
Assigners |
Type in manually or use the dropdown list to select the assigners to include in the report. If no assigners are specified, all assigners are included. |
|
Source |
Type in manually or use the dropdown list to select the sources to include in the report. If no sources are specified, all sources are included. |
|
Exists on account |
Select Include All to include all entitlements True to include only entitlements that were found on the last aggregation, or False to not include entitlements that were found on the last aggregation. The default is to include both. |
|
Entitlement Type |
Select from Include All, Entitlements, or Permissions. |
|
Allowed by an assigned role |
Select True to report only detected roles that are permitted or required by an assigned role (no entitlements or assigned roles will appear in the report). Select False to omit these detected roles from the report. By default, they are included alongside account entitlements and assigned roles. |
|
Additional Entitlements only |
Select True to include only entitlements that are not encapsulated in a role held by the identity. Select False to include only entitlements that are granted by a role assigned to the identity. By default, additional entitlement and role-based entitlements are both included. |
|
Has been certified |
Select Include All to include all entitlements True to include only entitlements that have been certified, or False to not include entitlements that have been certified. |
|
Has pending certification |
Select Include All to include all entitlements True to include only entitlements that have a pending certification, or False to not include entitlements that have a pending certification. |
|
Has been requested |
Select Include All to include all entitlements True to include only entitlements that have been requested, or False to not include entitlements that have been requested. |
|
Has pending request |
Select Include All to include all entitlements True to include only entitlements that have a pending request, or False to not include entitlements that have a pending request. |