Creating Populations

Populations are created by setting up query criteria in the Advanced Analytics page of IdentityIQ and saving the results of the query as a population. To access the Advanced Analytics page, click Intelligence > Advanced Analytics.

You can create populations from two types of search in Advanced Analytics: the basic Identity Search, and Advanced Search. Identity Search allows you to set simple filter values for Identity Attributes to define the population. With Advanced Search, you can specify more complex search criteria, including grouping the filter criteria, choosing "and" or "or" relationships between criteria, and specifying search types other than "equals."

For more information, see Advanced Analytics Overview.

The default Advanced Analytics search option is Identity Search, which offers a variety of Identity Attributes for which search values can be entered. These criteria are evaluated together in an "and" relationship to select the population's members, meaning all Identities in the population will meet all search criteria specified.

In addition to basic Identity Attributes, application accounts held, detected or assigned Roles, associated Workgroups, and Risk Attributes can be used to filter Identities in a basic search.

Multi-Valued Attributes are specified separately, with the option of selecting multiple values in either "and" or "or" relationships (requiring the Identity to have all of the values assigned or any one of them, respectively).

The fields selected in the Fields to Display list are shown on the search results window. Once the search is saved as a population, however, the display fields no longer matter; when populations are used in other parts of IdentityIQ as a processing filter, they return the Identities that match the criteria, not just the specified display fields.

Once the parameters have been specified, click Run Search at the bottom of the window to execute the search based on the specified criteria.

To create the Population, click Save Identities as Population from the Result Options list.

The Advanced Search option is accessed by clicking Advanced Search on the Identity Search tab. This option gives you more flexibility in setting your search criteria.

Individual filters are specified by selecting a field, choosing a search type (such as equals, is greater than, is not equal to, is not null, etc.) and entering a value (the Value field is suppressed for null / not null options). The "like" options can be further narrowed by whether the field value should start with, end with, contain anywhere, or be an exact match for the Value specified. Then, the filters can be connected through "and" or "or" relationships in any fashion, including grouping and nesting of criteria.

You can edit the filter source directly by clicking [view / edit filter source]. This gives you even more flexibility in setting filter criteria in ways that might not be available through the user interface.

For more detailed information on working with filters and filter strings, see the Filters and Filter Strings technical white paper on Compass.

If filters are modified and saved using the filter source, the standard representation of the search criteria is updated in the user interface to reflect the changes. When the variables selected are not ones the system is able to display in its reader-friendly format, the message "The filter you have entered cannot be displayed but will be applied to your search" is shown instead.

Filter Source Specification

Only persistent variables in the object model can be specified in the query filter. In general, this set matches the list of variables available through the public "get" and "set" methods shown in the IdentityIQ Javadocs that ship with the product. The variable names to specify match the method names without the "get" / "set" prefix. For example, the "first name" variable is accessible through the getFirstname() method, so the variable for the filter string would be firstname (the first letter of the variable name is always lowercase; the rest matches the camel case of the method name).

Fields within objects contained within the Identity object can be queried with the object.attribute syntax (for example, bundles.name or links.application.name). Multi-valued Identity Attributes can be accessed through the IdentityExternalAttribute object, and multi-valued Account Attributes can be queried through the LinkExternalAttribute object using syntax that mirrors the following:

IdentityExternalAttribute.collectionCondition("((id.join(IdentityExternalAttribute.objectId) && IdentityExternalAttribute.attributeName i== \"IdentityAttributeName\" && IdentityExternalAttribute.value.startsWith(\"attributevalue\")))")

or

LinkExternalAttribute.collectionCondition("((links.id.join(LinkExternalAttribute.objectId) && LinkExternalAttribute.attributeName i== \"AccountAttributeName\" && LinkExternalAttribute.value.startsWith(\"attributevalue\")))")

The table below details the syntax for adding filters of various data types to the filter source.

| Field Data Type | Structure | Example |
|---|---|---|
| String | "value" | department == "Accounting" |
| Numeric | value | location <= 10 |
| Boolean | value | managerStatus == true |
| Date | DATE$[long value of time - milliseconds since Jan 1, 1970] | lastLogin > DATE$1318884600000 |
| Char (single character) | 'value' | middleInitial == 'D' |
| Float | Value (floating point literal) | average < 250.144 |
| Enumeration | EnumName.EnumValue | |

Note

The IdentityIQ object model currently has no persistent Char or Float fields, and it is rare for Enumerations to be queried through these pages. Those three data types are included here primarily for completeness.

The filter compiler can interpret these operators and expressions:

Conditional Operators: &&, |

Parentheses groupings and function references: (, ), startsWith, startsWithIgnoreCase, endsWith, endsWithIgnoreCase, contains, containsIgnoreCase, in, inIgnoreCase, join, isNull, notNull, isEmpty, collectionCondition, subquery

Property Operators: ==, !=, <=, >=, >, <, i==, i!=, i>=, i<=, i>, i< (i means ignore case)
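Because a saved population decides which Identities other IdentityIQ processing applies to, each literal in the filter source needs the exact form given for its data type. The following Python sketch is an added example, not SailPoint code: it derives the variable name from a getter, renders String, Numeric, Boolean and Date values as the table specifies, and joins terms with &&. The helper names are hypothetical, and rejecting quotes and backslashes in string values is a conservative assumption, since this page does not describe an escape syntax.

```python
from datetime import datetime, timedelta, timezone

# Copied from the page's "Property Operators" list.
PROPERTY_OPERATORS = {"==", "!=", "<=", ">=", ">", "<",
                      "i==", "i!=", "i>=", "i<=", "i>", "i<"}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def property_name(method):
    """getFirstname() -> firstname: drop get/set, lowercase the first letter."""
    name = method.rstrip("()")
    if name[:3] not in ("get", "set") or len(name) < 4:
        raise ValueError(f"not a get/set method name: {method!r}")
    return name[3].lower() + name[4:]

def literal(value):
    """Render a value in the structure the data-type table gives for its type."""
    if isinstance(value, bool):  # test bool first: bool is a subclass of int
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return repr(value)
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("naive datetime: attach a time zone before converting")
        # Integer milliseconds since Jan 1, 1970 UTC, without float rounding.
        return f"DATE${(value - EPOCH) // timedelta(milliseconds=1)}"
    if isinstance(value, str):
        # Assumption: no escape syntax is documented here, so refuse instead of guessing.
        if '"' in value or "\\" in value:
            raise ValueError("string value contains a quote or backslash")
        return f'"{value}"'
    raise TypeError(f"no filter literal for {type(value).__name__}")

def term(prop, op, value):
    """One 'property operator value' comparison, e.g. location <= 10."""
    if op not in PROPERTY_OPERATORS:
        raise ValueError(f"unknown property operator: {op!r}")
    if not all(part.isidentifier() for part in prop.split(".")):
        raise ValueError(f"bad property path: {prop!r}")
    return f"{prop} {op} {literal(value)}"

def all_of(*terms):
    """Group terms so every one must match (the && conditional operator)."""
    return "(" + " && ".join(terms) + ")"

if __name__ == "__main__":
    cutoff = datetime(2011, 10, 17, 20, 50, tzinfo=timezone.utc)  # constructed sample
    print(all_of(term("department", "==", "Accounting"),
                 term("lastLogin", ">", cutoff)))
```

Paste the resulting string into [view / edit filter source] and run the search to confirm the members before saving the population.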