Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager
11g Release 2 (11.1.2)

Part Number E27149-16
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

18 Using Reporting Features

This chapter includes the following sections:

Note:

18.1 Reporting Features

The following are Oracle Identity Manager reporting features:

18.2 Starting Oracle Identity Manager Reports

To start BI Publisher:

  1. Navigate to Start, Oracle BI Publisher Desktop, Oracle - BIPHome10134, and then click Start BI Publisher.

    The Oracle BI Publisher Home page appears.

  2. Enter the user name and password.

  3. Click Sign In.

18.3 Running Oracle Identity Manager Reports

To run a report:

Note:

BI Publisher cannot be accessed through Oracle Identity Manager UI. You must open BI publisher explicitly to access the Oracle Identity Manager 11g reports.

  1. Start Oracle Identity Manager Reports. See Section 18.2, "Starting Oracle Identity Manager Reports" for more information.

  2. Click the more... link under Shared Folders.

  3. Do one of the following to access the reports.

    • Click Oracle Identity Manager Reports.

    • Click the more... link under Oracle Identity Manager Reports.

    The resulting page displays Oracle Identity Manager Reports classified according to their functional areas.

  4. To view a report:

    1. Select the report by clicking its name.

    2. Click View.

    The Report Input Parameters page is displayed. This page displays the input parameters that must be provided to run a report. The report input parameters act as a filter criterion.

    In some cases, at least one or more parameter fields are required fields. Some reports do not require any input parameter. If this is not the case, then you must populate at least one of the fields to run a report.

    Note:

    If you leave the input parameter field blank, and then click View, all the information associated with the report is displayed.

  5. Enter the information required to identify what information the report contains.

  6. Click View to run the report.

    The report is displayed.

18.4 Supported Output Formats

BI Publisher supports multiple report output formats. All reports are generated in a native XML format which can be transformed into different other output formats. The following formats are supported:

18.5 Reports for Oracle Identity Manager

All the reports containing Date type input parameters, have the following default date range in the date type input parameters:

Date Range is : Sysdate-30 To Sysdate.

If you want to run the reports for different date range, then please change the date type input parameters with your date ranges.

Oracle Identity Manager Reports are now classified based on the functional areas. For instance, Access Policy Reports, Attestation, Request and Approval Reports, Password Policy Reports, and so on. It is no longer named Operational and Historical.

Oracle Identity Manager Reports are classified into the following categories based on their functional areas:

18.5.1 Access Policy Reports

Oracle Identity Manager BI Publisher Reports provides the following access policy reports for Oracle Identity Manager:

18.5.1.1 Access Policy Details

It provides administrators or auditors the ability to view a current snapshot of all the policies defined in Oracle Identity Manager system, along with key information about each policy, and the number of instances in which each policy has been activated.

Input Parameters

The following table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Access Policy Name

Name of the Access Policy


Fields

The following table lists the fields of the report:

Report Field Description

Description

Description of the policy

Approval Required

Approval required for the policy

Creation Date

Date when the policy is created

Retrofit Access Policy

Retrofit of the access policy

Created By

Name of the person who created the policy

Priority

Priority of the policy


Columns

The following table lists the columns of the report:

Report Column Description

Resource Name

Name of the resource


18.5.1.2 Access Policy List by Role

It lists all policies defined in Oracle Identity Manager system by role. This report can be used for operational and compliance purposes.

Input Parameters

The following table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Role Name

Name of the role


Fields

The following table lists the fields of the report:

Report Field Description

Description

Description of the policy

Approval Required

Approval required for the policy

Creation Date

Date when the policy is created

Retrofit Access Policy

Retrofit of the access policy

Created By

Name of the person who created the policy

Priority

Priority of the policy


Columns

The following table lists the columns of the report:

Report Column Description

Role Name

Name of the role


18.5.2 Attestation, Request, and Approval Reports

Oracle Identity Manager BI Publisher Reports provides the following attestation, request, and approval reports for Oracle Identity Manager:

18.5.2.1 Approval Activity

This report provides the administrators the ability to view the approval activity including requests that are approved, rejected, or pending.Z

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Approver's First Name

First name of the approver

Approver's Last Name

Last name of the approver

Approver's User ID

User ID of the approver

Organization

Name of the organization


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

Approver's First Name

First name of the approver

Approver's Last Name

Last name of the approver

Approver's User ID

User ID of the approver

Organization

Organization of the approver

Approval Accepted

Count of the accepted approval

Approval Rejected

Count of the rejected approval

Approvals Pending

Count of the pending approval

Approval Requests Total

Total number of approval requests


18.5.2.2 Attestation Process List

This report displays details of all the attestation process. The security model is implemented in this report.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Attestation Process Name

Name of the attestation process

Attestation Process Owner

Owner of the attestation process


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

Attestation Process Name

Name of the attestation process

Owner User ID

ID of the owner of attestation process

Date of Current Request

Data on which the request was made

Date of Last Completion

Data on which the request was completed

Certified

Attestation process certified

Rejected

Attestation process rejected

Declined

Attestation process declined

Delegated

Attestation process delegated

Total

Sum of certified, rejected, and declined


18.5.2.3 Attestation Request Details

It lists details of selected Oracle Identity Manager attestation requests.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Attestation Process Name

Name of the attestation process

Attestation Request ID

ID of the attestation process

Request Initiation Date Range From

Start date of the attestation request

Request Initiation Date Range To

End date of the attestation request


Fields

The following table lists the fields of the report:

Report Field Description

Attestation Process Name

Name of the attestation process

Attestation Request ID

ID of the attestation request

Request Initiation Date

Date on which the request is initiated

Completion

Date on which the request is completed

Certified

Attestation process certified

Rejected

Attestation process rejected

Delegated

Attestation process delegated

No Action

Number of attestation processes on which no action is taken


Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user who initiated the attestation request

Last Name

Last name of the user who initiated the attestation request

User ID

ID of the user who initiated the attestation request

Resource

Name of the resource

Descriptive Data

Date on which the request is completed

Reviewer's First Name

First name of the reviewer

Reviewer's Last Name

Last name of the reviewer

Reviewer's User ID

ID of the reviewer

Action

Action taken by the reviewer


18.5.2.4 Attestation Requests by Process

This report displays details of all the attestation process and the request for each process, where the logged in user is a member of the administrator or the owner role of the attestation process.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Attestation Process Name

Name of the attestation process

Attestation Process Owner

Owner of the attestation process


Fields

The following table lists the fields of the report:

Report Field Description

Attestation Owner

Name of the attestation process owner

Total Number of Requests

Total number of requests

Last Completion Date

Date by which attestation should be completed

Current Request Initiation Date

Date on which attestation is initiated


Columns

The following table lists the columns of the report:

Report Column Description

Request ID

ID of the attestation request

Initiation Date

Date on which attestation is initiated

Completion Date

Date by which attestation should be completed

Certified

Attestation process certified

Rejected

Attestation process rejected

Declined

Attestation process declined

Delegated

Attestation process delegated

Total Attested

Sum of certified records, rejected records and declined records


18.5.2.5 Attestation Requests by Reviewer

It displays list of attestation requests by reviewer. The report includes the number of requests associated with each reviewer and information about each request. In addition, it displays the time at which the request is created and completed.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Reviewer First Name

First name of the reviewer

Reviewer Last Name

Last name of the reviewer

Reviewer User ID

User ID of the reviewer


Fields

The following table lists the fields of the report:

Report Field Description

Reviewer 's First Name

First name of the reviewer

Reviewer 's Last Name

Last name of the reviewer

Reviewer 's User ID

User ID of the reviewer

Total Number of Requests

Count of requests to review


Columns

The following table lists the columns of the report:

Report Column Description

Request ID

ID of the attestation request

Process Name

Name of the process

Initiation Date

Date on which attestation is initiated

Completion Date

Date by which attestation should be completed

Certified

Attestation process certified

Rejected

Attestation process rejected

Declined

Attestation process declined

Delegated

Attestation process delegated

Total Attested

Count of requests to attest


18.5.2.6 Request Details

This report provides administrators the ability to view the details (requestor, current approver and so on) of all requests with the input current status. Additionally, this report displays the details of all users (user name, organization, manager details, user status and so on) that will be provisioned as a result of the request approval. This helps administrators in planning and prioritizing operational activities so that they may expedite the closure of pending requests.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Requestor User First Name

First name of the requestor

Requestor User Last Name

Last name of the requestor

Request User ID

ID of the requestor

Request ID

Request ID

Request Parent ID

Parent ID of the request

Request Status

Status of the request

Request Type

Type of the request

Request Date From

Start date of the request

Request Date To

End date of the request

Beneficiary User First Name

First name of the beneficiary

Beneficiary User Last Name

Last name of the beneficiary

Beneficiary User ID

ID of the beneficiary


Fields

The following table lists the fields of the report:

Report Field Description

Request ID

Request ID

Request Type

Type of the request

Requester User ID

ID of the requester

Request Date

Date on which request is initiated

Approver User ID

ID of the approver

Current Status

Status of the request

Parent Request ID

ID of the parent Requester


Columns

The following table lists the columns of the report, if a beneficiary is present:

Report Column Description

First Name

First name of the beneficiary

Last Name

Last name of the beneficiary

User ID

ID of the beneficiary

User Type

Type of user

User Status

Status of the beneficiary

Organization

Organization of the beneficiary

Request Value

Request value of the resource


The following table lists the columns of the report, if a beneficiary is not present:

Report Column Description

Request Name

Name of the request

Request Value

Value of the request


18.5.2.7 Request Summary

This report provides administrators the ability to view the current status of all requests raised in the specified time interval. This helps administrators in planning and prioritizing operational activities so that they may expedite the closure of pending requests.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Request Type

Type of request

Request Date From

Start date of the request

Request Date To

End date of the request

Organization

Details of the organization


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

Request ID

Request ID

Parent Request ID

ID of the parent Requester

Request Type

Type of request

Request Status

Status of request

Requestor User ID

ID of the requestor

Beneficiary User ID

ID of the beneficiary

Request Details

Details of the request

Approver User ID

ID of the approver

Request Date

Date of request


18.5.2.8 Task Assignment History

It lists the history of all task assignments.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Column Description

User ID

ID of the beneficiary

Assignee First Name

First name of the assignee

Assignee Last Name

Last name of the assignee

Assignee User ID

ID of the assignee

Assignee Role Name

Role name of the assignee

Assignee User Name

User name of the assignee

Employee Type

Type of employee


18.5.3 Role and Organization Reports

Oracle Identity Manager BI Publisher Reports provides the following role and organization reports for Oracle Identity Manager:

18.5.3.1 Role Membership History

This report displays membership history of all the roles. The report will not show indirect memberships.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Role Name

Name of the role

Role Category

Category of the role

Employee Type

Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Employee Status

Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date

Membership Status

Status of membership: Revoked, Active

Effective From

Role membership effective from date

Effective To

Role membership effective to date


Fields

The following table lists the fields of the report:

Report Field Description

Created By

Name of the person who created the role

Creation Date

Date on which the role was created


Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Employee Type

Type of employee

Employee Status

Status of the employee

Membership Status

Membership date of the user

Effective From

Membership start date of the user

Effective To

Membership end date of the user

Manager's First Name

First name of the manager

Manager's Last Name

Last name of the manager

Manager's User ID

ID of the manager


18.5.3.2 Role Membership Profile

This report shows number of users present for number of roles and the details of users belonging to count number of roles.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Organization

Organization of the user


Fields

The following table lists the fields of the report:

Report Field Description

Membership in Number of Roles

Number of members in number of roles

Number of Users

Number of users in the role


Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Employee Type

Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor


18.5.3.3 Role Membership

This report displays membership details of all roles.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Role Name

Name of the role

Role Category

Category of the role

Organization

Name of the organization

Employee Type

Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Employee Status

Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date


Fields

The following table lists the fields of the report:

Report Field Description

Created By

Name of the person who created the user

Creation Date

Date on which the user is created


Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of user

Employee Status

Status of the user

Employee Type

Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Member Since

Joining date of the user

Manager's First Name

First name of the manager

Manager's Last Name

Last name of the manager

Manager's User ID

ID of the manager


18.5.3.4 Organization Details

It lists the hierarchical organization structure and details about users in the organization.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Organization Name

Name of the organization


Fields

The following table lists the fields of the report:

Report Field Description

Parent Organization Name

Name of the parent organization


Columns

The following table lists the columns of the report:

Report Column Description

Role

Name of Administrator User roles

First Name

First name of the user in the organization

Last Name

Last name of the user in the organization

User ID

ID of the user

User Status

Status of the user

User Type

Type of user

Start Date

Joining date of the user

End Date

Leaving date of the user


18.5.3.5 User Membership History

This report lists the logged in users with their membership history.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Last Name

First name of the user

First Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Status

Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date

Employee Type

Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor


Fields

The following table lists the fields of the report:

Report Field Description

User ID

ID of the user

User First Name

First name of the user

User Last Name

Last name of the user

Organization

Organization of the user

Employee Status

Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date

Employee Type

Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor


Columns

The following table lists the columns of the report:

Report Column Description

User Role

Name of the user role

Membership Status

Status of membership

Effective From

Date from which the membership is effective


18.5.4 Password Reports

Oracle Identity Manager BI Publisher Reports provides the following password reports for Oracle Identity Manager:

18.5.4.1 Password Expiration Summary

This report shows the list of all active users whose Oracle Identity Manager passwords are about to expire within a specified period.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Last Name

Last name of the user

First Name

First name of the user

User ID

ID of the user

Organization

Organization of the user

Expiration Date Range From

Start date of the expiration date

Expiration Date Range To

End date of the expiration date


Fields

N/A

Columns

The following table lists the columns of the report:

Report Field Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Employee Type

Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Employee Status

Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date

Organization

Organization of the user

Password Expiration Date

Date on which the password expires


18.5.4.2 Password Reset Summary

This report provides the ability to view the aggregated metrics around password change attempts done by users themselves or on behalf of them. The metrics include all password change attempts, successful or failure outcome of password change attempt, users locked due to multiple concurrent unsuccessful password change attempts.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Aggregation Frequency

The frequency of the report generated

Date Range From

Start date of the report generated

Date Range To

End date of the report generated

Organization

Name of the organization


Fields

The following table lists the fields of the report:

Report Field Description

Aggregation Frequency

The frequency of the report generated


Columns

The following table lists the columns of the report:

Report Column Description

Time Period

Date and time of reset attempts performed

Reset Attempts

Number of reset attempts

Failed Reset Attempts

Number of failed reset attempts

Locked Users due to Failed Reset Attempts

Number of users locked due to a failed reset attempt

Resets by non-beneficiary

Number of resets by non-beneficiary


18.5.4.3 Resource Password Expiration

It lists users whose resource passwords will expire in a specified time period.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

User Status

Status of the user

Password Expiration Date From

The password expiry starting date

Password Expiration Date To

The password expiry ending date


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Field Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

User Status

Status of the user: Active, Disabled, Deleted, Disabled Until Start Date

User Type

Type of the user: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Password Expiration Date

Date on which the password expires


18.5.5 Resource and Entitlement Reports

Oracle Identity Manager BI Publisher Reports provides the following resource and entitlement reports for Oracle Identity Manager:

18.5.5.1 Account Activity In Resource

It lists all account activities in each resource. It also provides information on how each user is associated with a specific activity of that resource.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

Date Range From

Date from which reports are displayed

Date Range To

Date to which reports are displayed


Fields

The following table lists the fields of the report:

Report Field Description

Resource Name

Name of the resource

Activity Type

The type of activity

Resource Authorizer User Role(s)

Name of the role which authorize the role

Resource Administrator User Role(s)

Name of the role which authorize the resource


Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

User Status

Status of the user: Active, Disabled, Deleted, Disabled Until Start Date

Organization

Organization of the user

Manager's User ID

ID of the manager

Timestamp

Date when the report is created


18.5.5.2 Delegated Admins and Permissions by Resource

This report displays the list of user roles with write and delete access that are administrators of the resource.

Input Parameters

The table lists the report parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

Administrator Role Name

Name of the Administrator role

Administrator Role Information

Information about the Administrator role

Read Access

Indicates whether the resource has read access

Write Access

Indicates whether the resource has write access

Delete Access

Indicates whether the resource has delete access

Authorizer Role

Authorizer role name

Name Priority

Priority of the resource

Created By

Name of the person who created the resource

Creation Date

Resource creation date


18.5.5.3 Delegated Admins by Resource

The report displays the list of user roles that are the administrators or authorizers of the resource and members of those roles.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

Resource Type

Type of resource

Resource Audit Objective

Objective to carry out the audit for the resource


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource

Target

Indicates whether the resource is a target for organization or user

Write Access

Indicates whether the resource has write access

Delete Access

Indicates whether the resource has delete access

Creation By

Resource creation source

Creation Date

Date on which resource is created


Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

User Status

Status of the user

Member Since

Joining date of the user

Manager's First Name

First name of the manager

Manager's Last Name

Last name of the manager

Manager's User ID

ID of the manager


18.5.5.4 Entitlement Access List

This report provides administrators or auditors the ability to query all existing users, who have a specified entitlement. This report can be used for operational and compliance purposes.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Entitlement Code

Code of the entitlement

Resource Name

Name of the resource

Organization

Organization of the user

Role Name

Name of the role

User Status

Status of the user: Active, Disabled, Deleted, Disabled Until Start Date

User Type

Type of user

Provisioning Date From

Date from which the resource is provisioned to the user

Provisioning Date To

Date to which the resource is provisioned to the user


Fields

The following table lists the fields of the report:

Report Field Description

Entitlement Code

Code of the entitlement

Entitlement Name

Name of the entitlement

Entitlement status

Status of the entitlement.

Resource Name

Name of the resource

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Column Description

User Id

ID of the user

First Name

First name of the user

Last Name

Last name of the user

User Status

User Status

User Type

Type of the user

Organization

Organization of the user

Valid To Date

Entitlement valid from date

Valid From Date

Entitlement valid to date


18.5.5.5 Entitlement Access List History

This report provides administrators or auditors the ability to query all existing users provisioned to a entitlement over its lifecycle. This is a lifetime report showing entire history of resource's access list or entitlements.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Entitlement Code

Code of the entitlement

Resource Name

Name of the resource

Organization

Organization of the user

Role Name

Name of the role

User Status

Status of the user: Active, Disabled, Deleted, Disabled Until Start Date

User Type

Type of user

Effective From Date

Entitlement effective from date

Effective To Date

Entitlement effective to date


Fields

The following table lists the fields of the report:

Report Field Description

Entitlement Code

Code of the entitlement

Entitlement Name

Name of the entitlement

Resource Name

Name of the resource

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Column Description

User Id

ID of the user

First Name

First name of the user

Last Name

Last name of the user

User Status

Status of the user

User Type

Type of user

Effective From

Entitlement effective from date

Effective To

Entitlement effective to date


18.5.5.6 Financially Significant Resource Details

This report provides Administrators to get a list of financially significant resources to prioritize various administrative and cleanup activities. It also helps Compliance or Privacy and Security officers assessing effectiveness of preventive and detective controls in financial significant resources and Auditors to understand the IT resources that host financial data.

Input Parameters

The table lists the report parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Column Description

User Roles

Lists the resource administrator user roles


18.5.5.7 Fine Grained Entitlement Exceptions By Resource

This report enables administrators, signing officers, internal and external auditors to analyze discrepancies in various process forms and related child tables of various resources and mitigate material weaknesses in the resources through remediation activities.

Input Parameters

The table lists the report parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Employee Type

Type of the employee such as fulltime, part time

Organization Name

Name of the organization

Role Name

Name of the role


Fields

The following table lists the fields of the report:

Report Field Description

Resource Name

Name of the resource

User ID

ID of the user


Columns

The following table lists the columns of the report:

Report Column Description

Form Name

Name of the form

Form Type

Type of the form


Note:

Before running this report, you must populate data for account audit and reconciliation exceptions.

To populate the data for account audit and reconciliation exceptions:

  1. Set the value of the system property, XL.EnableExceptionReports, to True.

  2. Provision an user to any target.

  3. Modify any of the user's attribute in the target and reconcile the user.

  4. Find data in UPA_UD_FORMFIELDS and UPA_UD_FORMS tables.

  5. Go to Oracle Identity Manger server and run RefreshMaterializedViewScheduler Task.

  6. Log in to BIP and view the report.

18.5.5.8 Orphaned Account Summary

It lists the rogue accounts for the input resource for which a user existed in the target system, but the associated user to whom the account is provisioned never existed in Oracle Identity Manager.

Input Parameters

The table lists the report parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

Reconciliation Date Range From

Start date of reconciliation

Reconciliation Date Range To

End date of reconciliation


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

Resource

Name of the resource

Account Information

Information of the orphaned account

Reconciliation Date

Date of reconciliation


18.5.5.9 Resource Access List History

This report provides administrators or auditors the ability to query all existing users provisioned to a resource over its lifecycle. This is a lifetime report showing entire history of resource's access list or entitlements.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

User Status

Status of the user

User Type

Type of the user

Snapshot Date From

Effective start date of resource access to the user

Snapshot Date To

Effective end date of resource access to the user

Changes Date From

Resource changed from date to user

Changes Date To

Resource changed to date to user


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Resource Descriptive data

Description of the resource

User Status

Status of the user

Resource Status

Status of the resource

Effective From

Effective start date

Effective To

Effective end date


18.5.5.10 Resource Access List

This report provides administrators or auditors the ability to query all existing users provisioned to a specified resource. This report can be used for operational and compliance purposes.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

User Status

Status of the user

User Type

Type of the user

Provisioning Date From

Resource provision start date

Provisioning Date To

Resource provision end date


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Parameter Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

User Type

Type of the user

User Status

Status of the user

Organization

Organization of the user

Provisioning Date

Date on which the resource is provisioned


18.5.5.11 Resource Account Summary

This report lists the number of users for each status within each resource.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

Resource Type

Type of resource

Account Status

Status of the account


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource

Total Number of Users

Total number of users associated with the account


Columns

The following table lists the columns of the report:

Report Column Description

Account Status

Status of the account

Number of Users

Number of users with that account status


18.5.5.12 Resource Activity Summary

It lists the history of all provisioning and approval activities for a resource.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

Date Range From

Start date

Date Range To

End date


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Column Description

Accounts Provisioned

Number of accounts provisioned

Accounts De-Provisioned

Number of accounts de-provisioned

Approval Requests

Number of approval requests

Approval Accepted

Number of approved requests

Approval Rejected

Number of rejected requests


18.5.5.13 Rogue Accounts By Resource

This report includes all rogue accounts for the input resource. This report also includes the corresponding attestation data to analyze if the rogue accounts represent outstanding or accepted exceptions in the system. This enables administrators, signing officers, internal and external auditors to identify material weaknesses in the resources and plan their mitigation through remediation activities.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

Resource Name

Name of the resource

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization Name

Organization of the user

User Status

Status of the user

User Type

Type of the user


Fields

The following table lists the fields of the report:

Report Field Description

Resource Type

Type of resource


Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

User Status

Status of the user

User Type

Type of the user

Exception Type

Type of exception

Exception Approved in Attestation

Indicates whether the exception is approved or not

Reviewer First Name

First name of the reviewer

Reviewer Last Name

Last name of the reviewer

Reviewer User ID

User ID of the reviewer


18.5.5.14 User Resource Access History

This report provides administrators or auditors the ability to view user's resource access history over user's lifecycle. This report can be used for compliance and forensic auditing purposes. This is not a user access profile snapshot report. This is a lifetime report showing entire history of user's entitlements.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Status

Status of the user

Employee Type

Type of employee


Fields

The following table lists the fields of the report:

Report Field Description

User ID

ID of the user

User First Name

First name of the user

User Last Name

Last name of the user

Manager User ID

ID of the reporting Manager

Manager First Name

First name of the reporting Manager

Manager Last Name

Last name of the reporting Manager

Organization

Organization of the user

Employee Status

Status of employee

Employee Type

Type of employee

Identity Creation Date

User creation date


Columns

The following table lists the columns of the report:

Report Column Description

Resource Name

Name of the resource

Resource Descriptive Data

Description of the resource

Provisioned Date

Date on which the resource is provisioned

Provisioned By

Name of the person who provisioned the resource

Effective From

Effective start date of resource access to the user

Effective To

Effective end date of resource access to the user


18.5.5.15 User Resource Access

This report provides administrators or auditors the ability to query all existing users provisioned to a specified resource. This report can be used for operational and compliance purposes.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Status

Status of employee

Employee Type

Type of employee


Fields

The following table lists the fields of the report:

Report Field Description

User ID

ID of the user

User First Name

First name of the user

User Last Name

Last name of the user

Manager User ID

ID of the reporting Manager

Manager First Name

First name of the reporting Manager

Manager Last Name

Last name of the reporting Manager

Organization

Organization of the user

Employee Status

Status of employee

Employee Type

Type of employee

Identity Creation Date

User creation date


Columns

The following table lists the columns of the report:

Report Column Description

Resource Name

Name of the resource

Resource Descriptive Data

Description of the resource

Resource Status

Status of the resource

Provisioned Date

Date on which the resource is provisioned


18.5.5.16 User Resource Entitlement

This report provides administrators or auditors the ability to query all existing entitlements provisioned to specific users. This report can be used for operational and compliance purposes.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

User ID

ID of the user

First Name

First name of the user

Last Name

Last name of the user

Email

Email of the user

Resource Name

Name of the resource

Organization

Organization of the user

Role Name

Name of the role

User Status

Status of the user

User Type

Type of the user


Fields

The following table lists the fields of the report:

Report Field Description

User ID

ID of the user

First Name

First name of the user

Middle Name

Middle name of the user

Last Name

Last name of the user

Email

Email of the user

Organization

Organization of the user

User Status

Status of the user

User Type

Type of the user

Manager First Name

First name of the manager

Manager Last Name

Last name of the manager

Start Date

Entitlement of resource start date

End Date

Entitlement of resource end date


Columns

The following table lists the columns of the report:

Report Column Description

Entitlement Code

Code of the entitlement

Entitlement Name

Name of the entitlement

Entitlement Status

Status of the entitlement

Resource

Type of the resource

Provisioning Start

Date from which the resource is provisioned to the user

Valid From Date

Entitlement of resource valid start date


18.5.5.17 User Resource Entitlement History

This report provides administrators or auditors the ability to view user's resource entitlement history over user's lifecycle. This report can be used for compliance and forensic auditing purposes. This is not a user access profile snapshot report. This is a lifetime report showing entire history of user's entitlements.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

User ID

ID of the user

First Name

First name of the user

Last Name

Last name of the user

Email

Email of the user

Resource Name

Name of the resource

Organization

Organization of the user

Role Name

Name of the role

User Status

Status of the user

User Type

Type of the user

Effective From Date

Resource entitlement effective start date

Effective To Date

Resource entitlement effective end date


Fields

The following table lists the fields of the report:

Report Field Description

User ID

ID of the user

First Name

First name of the user

Last Name

Last name of the user

User Status

Status of the user

User Type

Type of the user

Organization

Organization of the user

Email

Email of the user

Start Date

Start date of resource entitlement

End Date

End date of resource entitlement

Identity Creation Date

Date of identity creation

Manager First Name

First name of the manager

Manager Last Name

Last name of the manager


Columns

The following table lists the columns of the report:

Report Column Description

Entitlement Code

Code of the entitlement

Entitlement Name

Name of the entitlement

Resource

Type of the resource

Effective From Date

Resource entitlement effective start date

Effective To Date

Resource entitlement effective end date


18.5.6 User Reports

Oracle Identity Manager BI Publisher Reports provides the following user reports for Oracle Identity Manager:

18.5.6.1 User Profile History

This report shows all the users and their details based on the input parameters.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Role Name

Role of the user

Manager User ID

ID of the Manager to whom the user reports

Employee Status

Status of the user

Employee Type

Type of employee

Changes Date Range From

Effective start date of the changes

Changes Date Range To

Effective end date of the changes

Snapshot Date Range From

Effective start date of resource access to the user

Snapshot Date Range To

Effective end date of resource access to the user


Fields

The following table lists the fields of the report:

Report Field Description

User ID

ID of the user

User First Name

First name of the user

User Last Name

Last name of the user

Manager User ID

ID of the reporting Manager

Manager First Name

First name of the reporting Manager

Manager Last Name

Last name of the reporting Manager

Organization

Organization of the user

Employee Status

Status of employee

Employee Type

Type of employee

Identity Creation Date

User creation date


Columns

The following table lists the columns of the report:

Report Column Description

Profile Parameter

Name of user profile

Value

Value of user profile

Date Effective From

Effective from date

Time Effective From

Effective from time


18.5.6.2 User Summary

It lists all Oracle Identity Manager users created in a specified time period. In addition, it provides information on whether the users were created manually or through trusted reconciliation.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Employee Status

Status of the user

Employee Type

Type of employee

Creation Date From

Start date of user summary

Creation Date To

End date of user summary


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Status

Status of the user

Employee Type

Type of employee

Manager ID

ID of the Manager to whom the user reports

Source

User creation source

Creation Date

Date at which the user is created


18.5.6.3 Users Deleted

This report shows all the deleted users and their details based on input parameters.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Type

Type of employee

Deletion Date From

Start date of summary of deleted users

Deletion Date To

End date of summary of deleted users


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Type

Type of employee

Manager ID

ID of the Manager to whom the user reports

Source

User creation source

Deletion Date

Date at which the user is deleted


18.5.6.4 Users Disabled

This report provides the ability to view the details of users whose accounts are disabled. The account may be disabled for various reasons. For example, rejection in attestation, unsuccessful login or password reset attempts failure and so on.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Type

Type of employee

Disabled Date From

Start date of user disabled

Disabled Date To

End date of user disabled


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Status

Current status of the employee

Employee Type

Type of employee

Manager ID

ID of the Manager to whom the user reports

Source

User creation source

Disabled Date

Date at which the user is disabled


18.5.6.5 Users Unlocked

This report provides the ability to view the details of users whose disabled accounts are unlocked by administrators. Delegated administrators of the organizations to whom the user belongs may enable the accounts.

Input Parameters

The table lists the report input parameters used to specify a criterion for subsetting data:

Report Parameter Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Type

Type of employee

Unlocked Date From

Start date of user unlocked

Unlocked Date To

End date of user unlocked


Fields

N/A

Columns

The following table lists the columns of the report:

Report Column Description

First Name

First name of the user

Last Name

Last name of the user

User ID

ID of the user

Organization

Organization of the user

Employee Status

Status of the user

Employee Type

Type of employee

Manager ID

ID of the Manager to whom the user reports

Source

User creation source

Unlocked Date

Date at which the user is unlocked


18.5.7 Best Practices for Running Oracle Identity Manager Reports

As a best practice, you must consider the following points before running Oracle Identity Manager BI publisher reports:

  • Do not run Oracle Identity Manager reports with null value in date range parameters. You must run Oracle Identity Manager reports always with date range values in data range parameters, otherwise report will not display anything.

  • Invoke the reports with the set of values as input parameters to provide the selectivity, thus improving the performance.

18.6 Exception Reports

In Oracle Identity Manager, exception refers to the difference between accounts that a user is entitled to and the accounts that are actually assigned to a user. The user is assigned these accounts as a result of access policies, provisioning of resources, approval requests, and reconciliation events. Any difference of these accounts assigned to a user in the target system and the ones assigned to the user in Oracle Identity Manager comprises an exception.

To populate the data for account audit and reconciliation exceptions report:

  1. Set the value of the XL.EnableExceptionReports system property to True. See "Administering System Properties" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about system properties.

  2. Verify that the Object Initial Reconciliation Date field of the resource object is earlier than the sysdate.

The following exception reports have been introduced in this release:

18.7 Creating Reports Using Third-Party Software

Oracle Identity Manager supports the creation of reports by using third-party tools such as Crystal Reports. You can use a third-party tool to create the reports listed in Section 18.5, "Reports for Oracle Identity Manager".

Note:

To learn how to create reports by using third-party software, see the third-party software documentation.

18.8 Required Scheduled Tasks for BI Publisher Reports

Table 18-1 lists the scheduled tasks required for Oracle Identity Manager BI Publisher reports:

Table 18-1 Scheduled Tasks for BI Publisher Reports

Report Name Scheduled Task Name Description

Fine Grained Entitlement Exceptions By Resource

RefreshMaterializedView

To refresh the Materialized View used in this report with the latest data

User Profile History

IssueAuditTask

To populate the audit tables with the latest data

User Unlocked

IssueAuditTask

To populate the audit tables with the latest data

User Membership History

IssueAuditTask

To populate the audit tables with the latest data

Role Membership History

IssueAuditTask

To populate the audit tables with the latest data

Resource Access List History

IssueAuditTask

To populate the audit tables with the latest data

User Resource Access History

IssueAuditTask

To populate the audit tables with the latest data

Resource Activity Summary

IssueAuditTask

To populate the audit tables with the latest data

Password Reset Summary

IssueAuditTask

To populate the audit tables with the latest data

Entitlement Reports

Entitlement List

To populate the Entitlement List table with the marked entitlements

 

Entitlement Assignment

To populate the Entitlement Assignment tables with the assigned entitlements

 

Entitlement Updates

To populate the latest data into the Entitlement Assignment tables, if any entitlement has assigned to any user periodically or later