Access Algorithm Results

In the worksheet that reports the results of an access algorithm, each row is a record of an access assignment to a user that the algorithm defines as risky. More often than not, a single access conflict involves assignments documented in more than one row. As you view results, you'll encounter some specialized terminology:

• An access point is any job role, duty role, or privilege. An access algorithm defines conflicts between access points. An Access Point column identifies the access point that's the focus of a result record, and an Access Point Type column indicates whether it's a privilege or a role.

• An Incident Information column reports the path to the access point that's the focus of the result record. (Paths to access points are defined by hierarchies established in your job and duty roles.)

• An access entitlement is a set of related access points. An algorithm may (and typically does) define conflicts between entitlements. If so, each access point in one entitlement conflicts with every access point in the other. An Access Entitlement Name column identifies the entitlement to which the Incident Information access point belongs.

• A Role column identifies the role that provides access to the Incident Information access point.

• User Name, First Name, and Last Name columns identify the user whose role assignments contain conflicts.

Often, an efficient way to review an access worksheet is to use it as the source of a pivot table, which can arrange data to emphasize what you want to see. Examples in the next two topics illustrate the use of pivot tables in access worksheets. Complete these preparatory steps before creating pivots from access-algorithm worksheets:

• Remove any rows above the column-header rows.

• Select all remaining rows: Click on the triangle icon in the upper left corner (between the letter A that labels the first column and the number 1 that labels the first row).