Reports - Hitachi ID Access Certifier
Hitachi ID Access Certifier includes a variety of built-in reports relating to the access certification process:
- Security change requests that result from a certification round.
- Certification rounds performed.
- Applications whose users and group memberships were audited.
- Security groups whose memberships were audited.
- Statistical analysis of completion of active certification rounds.
- Details of what users, accounts and group memberships have been reviewed, by whom and when.
There are also built-in reports to enumerate users and entitlements, independent of the certification process, including:
- List users.
- List accounts (i.e., users per system/application).
- List groups.
- List user membership in groups.
- List roles.
- List role assignment to users.
Each report supports a range of data filter options, such as certifier identification, resource identification, certification round ID, date ranges, etc.
Access Certifier's back-end database is SQL-based and a data dictionary is provided. This means that standard, off-the-shelf reporting programs such as Crystal Reports and Cognos can be used to develop custom reports with ease.
Access Certifier customers can also run standard Hitachi ID Identity Manager reports, in particular relating to what users have what entitlements:
(1) All data in Access Certifier is in a normalized, relational database schema and can be accessed using standard analytical tools (Crystal Reports, Cognos, MS-Excel, SQL queries, etc).
The schema is well documented and is available to all product licensees and evaluators under NDA. The current release schema documentation is about 127 pages long, and includes detailed descriptions of every field, table, relation, value constraint, etc.
Hitachi ID Systems customer can add custom reports right to the Access Certifier web UI, so that they can be run interactively, scheduled, have output delivered via e-mail, etc. These reports are written using short Python scripts that mostly contain a SQL SELECT statement which interacts with the Access Certifier back-end database, but can also pull data from other sources (e.g., web services, other SQL databases, LDAP directories, etc.).
Access Certifier includes many built-in reports, which can be run interactively from the web portal or scheduled to run automatically (and periodically if so desired). Report output is HTML or CSV and can be delivered to the same web portal or via e-mail or filesystem. Built-in reports cover:
- Identities -- users, accounts, attributes, orphan/dormant accounts, etc.
- Entitlements -- roles, groups, accounts, etc.
- History -- by user, role, group, etc.
- Workflow -- activity in the queue, historical trends, request popularity, etc.
- Role analytics -- users sharing entitlements, SoD violations and more.
- Configuration data -- roles, groups, etc.
- System data and troubleshooting -- event logs, unsatisfiable requests, entitlements with no/invalid owners, etc.
The same data is accessible to 3rd party reporting tools.