Oracle® Fusion Middleware User's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) Part Number E14316-05 |
|
|
View PDF |
This chapter includes the following sections:
Note:
Oracle Identity Management Reports enables you to use Oracle BI Publisher as the reporting solution for Oracle Identity Management products.
Oracle Identity Management Reports are classified based on the functional areas. For instance, Access Policy Reports, Attestation, Request and Approval Reports, Password Policy Reports and so on. It is no longer named Operational and Historical.
Oracle Identity Management Reports provides a restricted-use license for Oracle BI Publisher and easy-to-use reporting packages for multiple Oracle Identity Management products.
For large-scale deployments, especially those taking advantage of the extensive auditing capabilities of Oracle Identity Manager, it is highly recommended that you deploy a dedicated enterprise-class reporting solution. A solution based on tools such as Oracle Business Intelligence Enterprise Edition can provide the flexibility, automation, and performance required for a large-scale organizations.
The following are Oracle Identity Manager reporting features:
Select and view reports from a predefined list in the BI Publisher.
Filter report information.
View reports on-screen in the desired format.
Provide interactive reports.
Navigate to Start, Oracle BI Publisher Desktop, Oracle - BIPHome10134, and then click Start BI Publisher.
The Oracle BI Publisher Home page appears.
Enter the user name and password.
Click Sign In.
Start Oracle Identity Management Reports. See Section 20.2, "Starting Oracle Identity Management Reports" for more information.
Click the more... link under Shared Folders.
Do one of the following to access the reports.
Click Oracle Identity Management Reports.
Click the more... link under Oracle Identity Management Reports.
The resulting page displays Oracle Identity Management Reports classified according to their functional areas.
Select a report by clicking its name.
The resulting page displays all the reports with its description under the selected report role.
Do one of the following to view the report.
Select a report by clicking its name.
Click View.
The Report Input Parameters page is displayed. This page displays the input parameters that must be provided to run a report. The report input parameters act as a filter criterion.
In some cases, at least one or more parameter fields are required fields. Some reports do not require any input parameter. If this is not the case, then you must populate at least one of the fields to run a report.
Note:
If you leave the input parameter field blank, and then click View, all the information associated with the report is displayed.Enter the information required to identify what information the report contains.
Click View to run the report.
The report is displayed.
BI Publisher supports multiple report output formats. All reports are generated in a native XML format which can be transformed into different other output formats. The following formats are supported:
HTML
RTF
MHTML
All the reports containing Date type input parameters, have the following default date range in the date type input parameters:
Date Range is : Sysdate-30 To Sysdate.
If you want to run the reports for different date range, then please change the date type input parameters with your date ranges.
Oracle Identity Management Reports are now classified based on the functional areas. For instance, Access Policy Reports, Attestation, Request and Approval Reports, Password Policy Reports, and so on. It is no longer named Operational and Historical.
Oracle Identity Management Reports are classified into the following roles based on their functional areas:
Oracle Identity Management BI Publisher Reports provides the following access policy reports for Oracle Identity Manager:
It provides administrators or auditors the ability to view a current snapshot of all the policies defined in Oracle Identity Manager system, along with key information about each policy, and the number of instances in which each policy has been activated.
Input Parameters
The following table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Access Policy Name | Name of the Access Policy |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Description | Description of the policy |
Approval Required | Approval required for the policy |
Creation Date | Date when the policy is created |
Retrofit Access Policy | Retrofit of the access policy |
Created By | Name of the person who created the policy |
Priority | Priority of the policy |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Resource Name | Name of the resource |
It lists all policies defined in Oracle Identity Manager system by role. This report can be used for operational and compliance purposes.
Input Parameters
The following table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Role Name | Name of the role |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Description | Description of the policy |
Approval Required | Approval required for the policy |
Creation Date | Date when the policy is created |
Retrofit Access Policy | Retrofit of the access policy |
Created By | Name of the person who created the policy |
Priority | Priority of the policy |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Role Name | Name of the role |
Oracle Identity Management BI Publisher Reports provides the following attestation, request, and approval reports for Oracle Identity Manager:
This report provides the administrators the ability to view the approval activity including requests that are approved, rejected, or pending.Z
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Approver's First Name | First name of the approver |
Approver's Last Name | Last name of the approver |
Approver's User ID | User ID of the approver |
Organization | Name of the organization |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Approver's First Name | First name of the approver |
Approver's Last Name | Last name of the approver |
Approver's User ID | User ID of the approver |
Organization | Organization of the approver |
Approval Accepted | Count of the accepted approval |
Approval Rejected | Count of the rejected approval |
Approvals Pending | Count of the pending approval |
Approval Requests Total | Total number of approval requests |
This report displays details of all the attestation process. The security model is implemented in this report.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Attestation Process Name | Name of the attestation process |
Attestation Process Owner | Owner of the attestation process |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Attestation Process Name | Name of the attestation process |
Owner User ID | ID of the owner of attestation process |
Date of Current Request | Data on which the request was made |
Date of Last Completion | Data on which the request was completed |
Certified | Attestation process certified |
Rejected | Attestation process rejected |
Declined | Attestation process declined |
Delegated | Attestation process delegated |
Total | Sum of certified, rejected, and declined |
It lists details of selected Oracle Identity Manager attestation requests.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Attestation Process Name | Name of the attestation process |
Attestation Request ID | ID of the attestation process |
Request Initiation Date Range From | Start date of the attestation request |
Request Initiation Date Range To | End date of the attestation request |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Attestation Process Name | Name of the attestation process |
Attestation Request ID | ID of the attestation request |
Request Initiation Date | Date on which the request is initiated |
Completion | Date on which the request is completed |
Certified | Attestation process certified |
Rejected | Attestation process rejected |
Delegated | Attestation process delegated |
No Action | Number of attestation processes on which no action is taken |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user who initiated the attestation request |
Last Name | Last name of the user who initiated the attestation request |
User ID | ID of the user who initiated the attestation request |
Resource | Name of the resource |
Descriptive Data | Date on which the request is completed |
Reviewer's First Name | First name of the reviewer |
Reviewer's Last Name | Last name of the reviewer |
Reviewer's User ID | ID of the reviewer |
Action | Action taken by the reviewer |
This report displays details of all the attestation process and the request for each process, where the logged in user is a member of the administrator or the owner role of the attestation process.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Attestation Process Name | Name of the attestation process |
Attestation Process Owner | Owner of the attestation process |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Attestation Owner | Name of the attestation process owner |
Total Number of Requests | Total number of requests |
Last Completion Date | Date by which attestation should be completed |
Current Request Initiation Date | Date on which attestation is initiated |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Request ID | ID of the attestation request |
Initiation Date | Date on which attestation is initiated |
Completion Date | Date by which attestation should be completed |
Certified | Attestation process certified |
Rejected | Attestation process rejected |
Declined | Attestation process declined |
Delegated | Attestation process delegated |
Total Attested | Sum of certified records, rejected records and declined records |
It displays list of attestation requests by reviewer. The report includes the number of requests associated with each reviewer and information about each request. In addition, it displays the time at which the request is created and completed.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Reviewer First Name | First name of the reviewer |
Reviewer Last Name | Last name of the reviewer |
Reviewer User ID | User ID of the reviewer |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Reviewer 's First Name | First name of the reviewer |
Reviewer 's Last Name | Last name of the reviewer |
Reviewer 's User ID | User ID of the reviewer |
Total Number of Requests | Count of requests to review |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Request ID | ID of the attestation request |
Process Name | Name of the process |
Initiation Date | Date on which attestation is initiated |
Completion Date | Date by which attestation should be completed |
Certified | Attestation process certified |
Rejected | Attestation process rejected |
Declined | Attestation process declined |
Delegated | Attestation process delegated |
Total Attested | Count of requests to attest |
This report provides administrators the ability to view the details (requestor, current approver and so on) of all requests with the input current status. Additionally, this report displays the details of all users (user name, organization, manager details, user status and so on) that will be provisioned as a result of the request approval. This helps administrators in planning and prioritizing operational activities so that they may expedite the closure of pending requests.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Requestor User First Name | First name of the requestor |
Requestor User Last Name | Last name of the requestor |
Request User ID | ID of the requestor |
Request ID | Request ID |
Request Parent ID | Parent ID of the request |
Request Status | Status of the request |
Request Type | Type of the request |
Request Date From | Start date of the request |
Request Date To | End date of the request |
Beneficiary User First Name | First name of the beneficiary |
Beneficiary User Last Name | Last name of the beneficiary |
Beneficiary User ID | ID of the beneficiary |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Request ID | Request ID |
Request Type | Type of the request |
Requester User ID | ID of the requester |
Request Date | Date on which request is initiated |
Approver User ID | ID of the approver |
Current Status | Status of the request |
Parent Request ID | ID of the parent Requester |
Columns
The following table lists the columns of the report, if a beneficiary is present:
Report Column | Description |
---|---|
First Name | First name of the beneficiary |
Last Name | Last name of the beneficiary |
User ID | ID of the beneficiary |
User Type | Type of user |
User Status | Status of the beneficiary |
Organization | Organization of the beneficiary |
Request Value | Request value of the resource |
The following table lists the columns of the report, if a beneficiary is not present:
Report Column | Description |
---|---|
Request Name | Name of the request |
Request Value | Value of the request |
This report provides administrators the ability to view the current status of all requests raised in the specified time interval. This helps administrators in planning and prioritizing operational activities so that they may expedite the closure of pending requests.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Request Type | Type of request |
Request Date From | Start date of the request |
Request Date To | End date of the request |
Organization | Details of the organization |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Request ID | Request ID |
Parent Request ID | ID of the parent Requester |
Request Type | Type of request |
Request Status | Status of request |
Requestor User ID | ID of the requestor |
Beneficiary User ID | ID of the beneficiary |
Request Details | Details of the request |
Approver User ID | ID of the approver |
Request Date | Date of request |
It lists the history of all task assignments.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
User ID | ID of the beneficiary |
Assignee First Name | First name of the assignee |
Assignee Last Name | Last name of the assignee |
Assignee User ID | ID of the assignee |
Assignee Role Name | Role name of the assignee |
Assignee User Name | User name of the assignee |
Employee Type | Type of employee |
Oracle Identity Management BI Publisher Reports provides the following role and organization reports for Oracle Identity Manager:
This report displays membership history of all the roles. The report will not show indirect memberships.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Role Name | Name of the role |
Role Category | Category of the role |
Employee Type | Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor |
Employee Status | Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date |
Membership Status | Status of membership: Revoked, Active |
Effective From | Role membership effective from date |
Effective To | Role membership effective to date |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Created By | Name of the person who created the role |
Creation Date | Date on which the role was created |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Employee Type | Type of employee |
Employee Status | Status of the employee |
Membership Status | Membership date of the user |
Effective From | Membership start date of the user |
Effective To | Membership end date of the user |
Manager's First Name | First name of the manager |
Manager's Last Name | Last name of the manager |
Manager's User ID | ID of the manager |
This report shows number of users present for number of roles and the details of users belonging to count number of roles.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Organization | Organization of the user |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Membership in Number of Roles | Number of members in number of roles |
Number of Users | Number of users in the role |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Employee Type | Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor |
This report displays membership details of all roles.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Role Name | Name of the role |
Role Category | Category of the role |
Organization | Name of the organization |
Employee Type | Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor |
Employee Status | Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Created By | Name of the person who created the user |
Creation Date | Date on which the user is created |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of user |
Employee Status | Status of the user |
Employee Type | Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor |
Member Since | Joining date of the user |
Manager's First Name | First name of the manager |
Manager's Last Name | Last name of the manager |
Manager's User ID | ID of the manager |
It lists the hierarchical organization structure and details about users in the organization.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Organization Name | Name of the organization |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Parent Organization Name | Name of the parent organization |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Role | Name of Administrator User roles |
First Name | First name of the user in the organization |
Last Name | Last name of the user in the organization |
User ID | ID of the user |
User Status | Status of the user |
User Type | Type of user |
Start Date | Joining date of the user |
End Date | Leaving date of the user |
This report lists the logged in users with their membership history.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Last Name | First name of the user |
First Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Status | Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date |
Employee Type | Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
User ID | ID of the user |
User First Name | First name of the user |
User Last Name | Last name of the user |
Organization | Organization of the user |
Employee Status | Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date |
Employee Type | Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
User Role | Name of the user role |
Membership Status | Status of membership |
Effective From | Date from which the membership is effective |
Oracle Identity Management BI Publisher Reports provides the following password reports for Oracle Identity Manager:
This report shows the list of all active users whose Oracle Identity Manager passwords are about to expire within a specified period.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Last Name | Last name of the user |
First Name | First name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Expiration Date Range From | Start date of the expiration date |
Expiration Date Range To | End date of the expiration date |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Field | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Employee Type | Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor |
Employee Status | Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date |
Organization | Organization of the user |
Password Expiration Date | Date on which the password expires |
This report provides the ability to view the aggregated metrics around password change attempts done by users themselves or on behalf of them. The metrics include all password change attempts, successful or failure outcome of password change attempt, users locked due to multiple concurrent unsuccessful password change attempts.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Aggregation Frequency | The frequency of the report generated |
Date Range From | Start date of the report generated |
Date Range To | End date of the report generated |
Organization | Name of the organization |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Aggregation Frequency | The frequency of the report generated |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Time Period | Date and time of reset attempts performed |
Reset Attempts | Number of reset attempts |
Failed Reset Attempts | Number of failed reset attempts |
Locked Users due to Failed Reset Attempts | Number of users locked due to a failed reset attempt |
Resets by non-beneficiary | Number of resets by non-beneficiary |
It lists users whose resource passwords will expire in a specified time period.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
User Status | Status of the user |
Password Expiration Date From | The password expiry starting date |
Password Expiration Date To | The password expiry ending date |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Field | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
User Status | Status of the user: Active, Disabled, Deleted, Disabled Until Start Date |
User Type | Type of the user: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor |
Password Expiration Date | Date on which the password expires |
Oracle Identity Management BI Publisher Reports provides the following resource and entitlement reports for Oracle Identity Manager:
It lists all account activities in each resource. It also provides information on how each user is associated with a specific activity of that resource.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
Date Range From | Date from which reports are displayed |
Date Range To | Date to which reports are displayed |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Name | Name of the resource |
Activity Type | The type of activity |
Resource Authorizer User Role(s) | Name of the role which authorize the role |
Resource Administrator User Role(s) | Name of the role which authorize the resource |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
User Status | Status of the user: Active, Disabled, Deleted, Disabled Until Start Date |
Organization | Organization of the user |
Manager's User ID | ID of the manager |
Timestamp | Date when the report is created |
This report displays the list of user roles with write and delete access that are administrators of the resource.
Input Parameters
The table lists the report parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Administrator Role Name | Name of the Administrator role |
Administrator Role Information | Information about the Administrator role |
Read Access | Indicates whether the resource has read access |
Write Access | Indicates whether the resource has write access |
Delete Access | Indicates whether the resource has delete access |
Authorizer Role | Authorizer role name |
Name Priority | Priority of the resource |
Created By | Name of the person who created the resource |
Creation Date | Resource creation date |
The report displays the list of user roles that are the administrators or authorizers of the resource and members of those roles.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
Resource Type | Type of resource |
Resource Audit Objective | Objective to carry out the audit for the resource |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Target | Indicates whether the resource is a target for organization or user |
Write Access | Indicates whether the resource has write access |
Delete Access | Indicates whether the resource has delete access |
Creation By | Resource creation source |
Creation Date | Date on which resource is created |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
User Status | Status of the user |
Member Since | Joining date of the user |
Manager's First Name | First name of the manager |
Manager's Last Name | Last name of the manager |
Manager's User ID | ID of the manager |
This report provides administrators or auditors the ability to query all existing users, who have a specified entitlement. This report can be used for operational and compliance purposes.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Entitlement Code | Code of the entitlement |
Resource Name | Name of the resource |
Organization | Organization of the user |
Role Name | Name of the role |
User Status | Status of the user: Active, Disabled, Deleted, Disabled Until Start Date |
User Type | Type of user |
Provisioning Date From | Date from which the resource is provisioned to the user |
Provisioning Date To | Date to which the resource is provisioned to the user |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Entitlement Code | Code of the entitlement |
Entitlement Name | Name of the entitlement |
Entitlement status | Status of the entitlement. |
Resource Name | Name of the resource |
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
User Id | ID of the user |
First Name | First name of the user |
Last Name | Last name of the user |
User Status | User Status |
User Type | Type of the user |
Organization | Organization of the user |
Valid To Date | Entitlement valid from date |
Valid From Date | Entitlement valid to date |
This report provides administrators or auditors the ability to query all existing users provisioned to a entitlement over its lifecycle. This is a lifetime report showing entire history of resource's access list or entitlements.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Entitlement Code | Code of the entitlement |
Resource Name | Name of the resource |
Organization | Organization of the user |
Role Name | Name of the role |
User Status | Status of the user: Active, Disabled, Deleted, Disabled Until Start Date |
User Type | Type of user |
Effective From Date | Entitlement effective from date |
Effective To Date | Entitlement effective to date |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Entitlement Code | Code of the entitlement |
Entitlement Name | Name of the entitlement |
Resource Name | Name of the resource |
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
User Id | ID of the user |
First Name | First name of the user |
Last Name | Last name of the user |
User Status | Status of the user |
User Type | Type of user |
Effective From | Entitlement effective from date |
Effective To | Entitlement effective to date |
This report provides Administrators to get a list of financially significant resources to prioritize various administrative and cleanup activities. It also helps Compliance or Privacy and Security officers assessing effectiveness of preventive and detective controls in financial significant resources and Auditors to understand the IT resources that host financial data.
Input Parameters
The table lists the report parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
User Roles | Lists the resource administrator user roles |
This report enables administrators, signing officers, internal and external auditors to analyze discrepancies in various process forms and related child tables of various resources and mitigate material weaknesses in the resources through remediation activities.
Input Parameters
The table lists the report parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Employee Type | Type of the employee such as fulltime, part time |
Organization Name | Name of the organization |
Role Name | Name of the role |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Name | Name of the resource |
User ID | ID of the user |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Form Name | Name of the form |
Form Type | Type of the form |
Note:
Before running this report, you must populate data for account audit and reconciliation exceptions.To populate the data for account audit and reconciliation exceptions:
Set the value of the system property, XL.EnableExceptionReports, to True.
Provision an user to any target.
Modify any of the user's attribute in the target and reconcile the user.
Find data in UPA_UD_FORMFIELDS and UPA_UD_FORMS tables.
Go to Oracle Identity Manger server and run RefreshMaterializedViewScheduler Task.
Log in to BIP and view the report.
Offline provisioning enhancement enables Oracle Identity Manager to do offline provisioning, enable, disable and revoke on resource instances that will improve the performance by parallel execution and also overcome transaction time-outs. This is achieved by submitting the JMS message when a specific action happens, the actual execution happens as a part of message processing. Such JMS message might be failed while processing due to some reasons. This report lists all the details of such failed off-line messages.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
User's First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Resource Name | Name of the resource |
Action | Action taken by the resource |
Date Range From | Start date |
Date Range To | End date |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
User's First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Resource Name | Name of the resource |
Resource Description | Description of the resource |
Action | Action taken by the resource |
Request Key | Key of the request |
Create Date | Provisioning creation date |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Reason | Reason of the offline resource provisioning |
Exception | Exception in the offline resource provisioning |
It lists the rogue accounts for the input resource for which a user existed in the target system, but the associated user to whom the account is provisioned never existed in Oracle Identity Manager.
Input Parameters
The table lists the report parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
Reconciliation Date Range From | Start date of reconciliation |
Reconciliation Date Range To | End date of reconciliation |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Resource | Name of the resource |
Account Information | Information of the orphaned account |
Reconciliation Date | Date of reconciliation |
This report provides administrators or auditors the ability to query all existing users provisioned to a resource over its lifecycle. This is a lifetime report showing entire history of resource's access list or entitlements.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
User Status | Status of the user |
User Type | Type of the user |
Snapshot Date From | Effective start date of resource access to the user |
Snapshot Date To | Effective end date of resource access to the user |
Changes Date From | Resource changed from date to user |
Changes Date To | Resource changed to date to user |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Resource Descriptive data | Description of the resource |
User Status | Status of the user |
Resource Status | Status of the resource |
Effective From | Effective start date |
Effective To | Effective end date |
This report provides administrators or auditors the ability to query all existing users provisioned to a specified resource. This report can be used for operational and compliance purposes.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
User Status | Status of the user |
User Type | Type of the user |
Provisioning Date From | Resource provision start date |
Provisioning Date To | Resource provision end date |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Parameter | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
User Type | Type of the user |
User Status | Status of the user |
Organization | Organization of the user |
Provisioning Date | Date on which the resource is provisioned |
This report lists the number of users for each status within each resource.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
Resource Type | Type of resource |
Account Status | Status of the account |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Total Number of Users | Total number of users associated with the account |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Account Status | Status of the account |
Number of Users | Number of users with that account status |
It lists the history of all provisioning and approval activities for a resource.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
Date Range From | Start date |
Date Range To | End date |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Accounts Provisioned | Number of accounts provisioned |
Accounts De-Provisioned | Number of accounts de-provisioned |
Approval Requests | Number of approval requests |
Approval Accepted | Number of approved requests |
Approval Rejected | Number of rejected requests |
This report includes all rogue accounts for the input resource. This report also includes the corresponding attestation data to analyze if the rogue accounts represent outstanding or accepted exceptions in the system. This enables administrators, signing officers, internal and external auditors to identify material weaknesses in the resources and plan their mitigation through remediation activities.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
Resource Name | Name of the resource |
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization Name | Organization of the user |
User Status | Status of the user |
User Type | Type of the user |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
Resource Type | Type of resource |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
User Status | Status of the user |
User Type | Type of the user |
Exception Type | Type of exception |
Exception Approved in Attestation | Indicates whether the exception is approved or not |
Reviewer First Name | First name of the reviewer |
Reviewer Last Name | Last name of the reviewer |
Reviewer User ID | User ID of the reviewer |
This report provides administrators or auditors the ability to view user's resource access history over user's lifecycle. This report can be used for compliance and forensic auditing purposes. This is not a user access profile snapshot report. This is a lifetime report showing entire history of user's entitlements.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Status | Status of the user |
Employee Type | Type of employee |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
User ID | ID of the user |
User First Name | First name of the user |
User Last Name | Last name of the user |
Manager User ID | ID of the reporting Manager |
Manager First Name | First name of the reporting Manager |
Manager Last Name | Last name of the reporting Manager |
Organization | Organization of the user |
Employee Status | Status of employee |
Employee Type | Type of employee |
Identity Creation Date | User creation date |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Resource Name | Name of the resource |
Resource Descriptive Data | Description of the resource |
Provisioned Date | Date on which the resource is provisioned |
Provisioned By | Name of the person who provisioned the resource |
Effective From | Effective start date of resource access to the user |
Effective To | Effective end date of resource access to the user |
This report provides administrators or auditors the ability to query all existing users provisioned to a specified resource. This report can be used for operational and compliance purposes.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Status | Status of employee |
Employee Type | Type of employee |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
User ID | ID of the user |
User First Name | First name of the user |
User Last Name | Last name of the user |
Manager User ID | ID of the reporting Manager |
Manager First Name | First name of the reporting Manager |
Manager Last Name | Last name of the reporting Manager |
Organization | Organization of the user |
Employee Status | Status of employee |
Employee Type | Type of employee |
Identity Creation Date | User creation date |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Resource Name | Name of the resource |
Resource Descriptive Data | Description of the resource |
Resource Status | Status of the resource |
Provisioned Date | Date on which the resource is provisioned |
This report provides administrators or auditors the ability to query all existing entitlements provisioned to specific users. This report can be used for operational and compliance purposes.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
User ID | ID of the user |
First Name | First name of the user |
Last Name | Last name of the user |
Email of the user | |
Resource Name | Name of the resource |
Organization | Organization of the user |
Role Name | Name of the role |
User Status | Status of the user |
User Type | Type of the user |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
User ID | ID of the user |
First Name | First name of the user |
Middle Name | Middle name of the user |
Last Name | Last name of the user |
Email of the user | |
Organization | Organization of the user |
User Status | Status of the user |
User Type | Type of the user |
Manager First Name | First name of the manager |
Manager Last Name | Last name of the manager |
Start Date | Entitlement of resource start date |
End Date | Entitlement of resource end date |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Entitlement Code | Code of the entitlement |
Entitlement Name | Name of the entitlement |
Entitlement Status | Status of the entitlement |
Resource | Type of the resource |
Provisioning Start | Date from which the resource is provisioned to the user |
Valid From Date | Entitlement of resource valid start date |
This report provides administrators or auditors the ability to view user's resource entitlement history over user's lifecycle. This report can be used for compliance and forensic auditing purposes. This is not a user access profile snapshot report. This is a lifetime report showing entire history of user's entitlements.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
User ID | ID of the user |
First Name | First name of the user |
Last Name | Last name of the user |
Email of the user | |
Resource Name | Name of the resource |
Organization | Organization of the user |
Role Name | Name of the role |
User Status | Status of the user |
User Type | Type of the user |
Effective From Date | Resource entitlement effective start date |
Effective To Date | Resource entitlement effective end date |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
User ID | ID of the user |
First Name | First name of the user |
Last Name | Last name of the user |
User Status | Status of the user |
User Type | Type of the user |
Organization | Organization of the user |
Email of the user | |
Start Date | Start date of resource entitlement |
End Date | End date of resource entitlement |
Identity Creation Date | Date of identity creation |
Manager First Name | First name of the manager |
Manager Last Name | Last name of the manager |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Entitlement Code | Code of the entitlement |
Entitlement Name | Name of the entitlement |
Resource | Type of the resource |
Effective From Date | Resource entitlement effective start date |
Effective To Date | Resource entitlement effective end date |
Oracle Identity Management BI Publisher Reports provides the following user reports for Oracle Identity Manager:
This report shows all the users and their details based on the input parameters.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Role Name | Role of the user |
Manager User ID | ID of the Manager to whom the user reports |
Employee Status | Status of the user |
Employee Type | Type of employee |
Changes Date Range From | Effective start date of the changes |
Changes Date Range To | Effective end date of the changes |
Snapshot Date Range From | Effective start date of resource access to the user |
Snapshot Date Range To | Effective end date of resource access to the user |
Fields
The following table lists the fields of the report:
Report Field | Description |
---|---|
User ID | ID of the user |
User First Name | First name of the user |
User Last Name | Last name of the user |
Manager User ID | ID of the reporting Manager |
Manager First Name | First name of the reporting Manager |
Manager Last Name | Last name of the reporting Manager |
Organization | Organization of the user |
Employee Status | Status of employee |
Employee Type | Type of employee |
Identity Creation Date | User creation date |
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
Profile Parameter | Name of user profile |
Value | Value of user profile |
Date Effective From | Effective from date |
Time Effective From | Effective from time |
It lists all Oracle Identity Manager users created in a specified time period. In addition, it provides information on whether the users were created manually or through trusted reconciliation.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Employee Status | Status of the user |
Employee Type | Type of employee |
Creation Date From | Start date of user summary |
Creation Date To | End date of user summary |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Status | Status of the user |
Employee Type | Type of employee |
Manager ID | ID of the Manager to whom the user reports |
Source | User creation source |
Creation Date | Date at which the user is created |
This report shows all the deleted users and their details based on input parameters.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Type | Type of employee |
Deletion Date From | Start date of summary of deleted users |
Deletion Date To | End date of summary of deleted users |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Type | Type of employee |
Manager ID | ID of the Manager to whom the user reports |
Source | User creation source |
Deletion Date | Date at which the user is deleted |
This report provides the ability to view the details of users whose accounts are disabled. The account may be disabled for various reasons. For example, rejection in attestation, unsuccessful login or password reset attempts failure and so on.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Type | Type of employee |
Disabled Date From | Start date of user disabled |
Disabled Date To | End date of user disabled |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Status | Current status of the employee |
Employee Type | Type of employee |
Manager ID | ID of the Manager to whom the user reports |
Source | User creation source |
Disabled Date | Date at which the user is disabled |
This report provides the ability to view the details of users whose disabled accounts are unlocked by administrators. Delegated administrators of the organizations to whom the user belongs may enable the accounts.
Input Parameters
The table lists the report input parameters used to specify a criterion for subsetting data:
Report Parameter | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Type | Type of employee |
Unlocked Date From | Start date of user unlocked |
Unlocked Date To | End date of user unlocked |
Fields
N/A
Columns
The following table lists the columns of the report:
Report Column | Description |
---|---|
First Name | First name of the user |
Last Name | Last name of the user |
User ID | ID of the user |
Organization | Organization of the user |
Employee Status | Status of the user |
Employee Type | Type of employee |
Manager ID | ID of the Manager to whom the user reports |
Source | User creation source |
Unlocked Date | Date at which the user is unlocked |
In Oracle Identity Manager, exception refers to the difference between accounts that a user is entitled to and the accounts that are actually assigned to a user. The user is assigned these accounts as a result of access policies, provisioning of resources, approval requests, and reconciliation events. Any difference of these accounts assigned to a user in the target system and the ones assigned to the user in Oracle Identity Manager comprises an exception.
The following exception reports have been introduced in this release:
Rogue Accounts By Resource
This report returns a list of all the rogue accounts existing in a resource. The following exceptions are reported:
An account that exists in the target system, but is not provisioned to the corresponding user in Oracle Identity Manager
An account that exists in the target system, but has been deprovisioned for the corresponding user in Oracle Identity Manager
An account that exists in the target system, but the corresponding user to whom the account is provisioned has been deleted in Oracle Identity Manager
The following exception is not reported in spite of being a rogue account:
An account that exists in the target system but the corresponding user to whom the account is provisioned has never existed in Oracle Identity Manager
Fine Grained Entitlement Exceptions By Resource
This report returns a list of all the accounts in a resource for which the process form data being reconciled is different from the expected values. It means that this report returns any account existing in the target system that is also provisioned to the corresponding user in Oracle Identity Manager, but for which the process data does not match.
Note:
After completion of initial target reconciliation, all account-related activities performed directly on a target resource are tracked as exception activity. Account-related activities include account creation, account modification, and entitlement assignment/revocation. The exception reports should be used only if the organization policies enforce that all account-related activities in target resources would always be initiated in Oracle Identity Manager. In addition, remember that exception detection and recording are an extension of account data reconciliation and, therefore, may result in a drop in performance during reconciliation.
Both the exception reports depend on reconciliation data. Therefore, these reports will not display any data if the corresponding reconciliation events are archived.
Oracle Identity Manager supports the creation of reports by using third-party tools such as Crystal Reports. You can use a third-party tool to create the reports listed in Section 20.5, "Reports for Oracle Identity Manager".
Note:
To learn how to create reports by using third-party software, see the third-party software documentation.