21 Using Reporting Features

Reporting uses the standard features of Oracle Analytics Server. Using reports involve understanding the output formats, types of reports, and required scheduled tasks, and following best practices for using reports.

This chapter describes reporting in Oracle Identity Manager. It contains the following sections:

• About Reporting in Oracle Identity Governance

• Supported Output Formats for Reports

• Classification of Oracle Identity Governance Reports

• Required Scheduled Tasks for Oracle Analytics Server Reports

• Best Practices for Running Oracle Identity Governance Reports

21.1 About Reporting in Oracle Identity Governance

Oracle Analytics Server is Oracle's primary reporting tool for authoring, managing, and delivering all your highly formatted documents.

You can use standalone Oracle Analytics Server to view and run Oracle Identity Manager reports.

After Oracle Analytics Server configuration, you can take advantage of the standard features of Oracle Analytics Server, such as:

• Highly formatted and professional quality reports with pagination and headers/footers.

• PDF, Word, and HTML output of reports.

• Capability to develop your own custom reports against the Oracle Identity Manager repository (read-only repository access).

• Scheduling capabilities and delivery mechanisms, such as e-mail and FTP of Oracle Analytics Server.

• Format (report) can be edited separately from the data definition (data model).

• Standardized Oracle Identity subtemplate for headers.

• National Language Support (NLS) for BI Publisher report output.

Note:

Before using Oracle Identity Manager reports, configure standalone Oracle Analytics Server reports. See Configuring Reports in Developing and Customizing Applications for Oracle Identity Governance.

21.2 Supported Output Formats for Reports

Oracle Analytics Server supports multiple report output formats, such as HTML, PDF, RTF, and MHTML.

All reports are generated in a native XML format which can be transformed into different other output formats. The following formats are supported:

• HTML

• PDF

• RTF

• MHTML

21.3 Classification of Oracle Identity Governance Reports

Oracle Identity Governance reports are classified into various categories based on functional areas.

All the reports containing Date type input parameters must be provided with the date range in the Date Input Parameters before running the report. Otherwise, the reports will not display any data.

Oracle Identity Manager Reports are classified into the following categories based on their functional areas:

• Access Policy Reports

• Request and Approval Reports

• Role and Organization Reports

• Password Reports

• Resource and Entitlement Reports

• User Reports

• Certification Reports

• Identity Audit Reports

• Exception Reports

21.3.1 Access Policy Reports

The access policy reports are Access Policy Details and Access Policy List by Role.

Oracle Analytics Server Reports provides the following access policy reports for Oracle Identity Manager:

• Access Policy Details

• Access Policy List by Role

21.3.1.1 Access Policy Details

It provides administrators or auditors the ability to view a current snapshot of all the policies associated only with roles defined in Oracle Identity Manager system, along with key information about each policy, and the number of instances in which each policy has been activated.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Access Policy Name	Name of the Access Policy

Fields

The following table lists the fields of the report:

Report Field	Description
Description	Description of the policy
Approval Required	Approval required for the policy
Creation Date	Date when the policy is created
Retrofit Access Policy	Retrofit of the access policy
Created By	Name of the person who created the policy
Priority	Priority of the policy

Columns

The following table lists the columns of the report:

Report Column	Description
Application Instance Name	Name of the application instance

21.3.1.2 Access Policy List by Role

It lists all policies defined in Oracle Identity Manager system by role. This report can be used for operational and compliance purposes.

Input Parameters

The following table lists the input parameters for the report:

Report Parameter	Description
Role Name	Name of the role

Fields

The following table lists the fields of the report:

Report Field	Description
Description	Description of the policy
Approval Required	Approval required for the policy
Creation Date	Date when the policy is created
Retrofit Access Policy	Retrofit of the access policy
Created By	Name of the person who created the policy
Priority	Priority of the policy

Columns

The following table lists the columns of the report:

Report Column	Description
Role Name	Name of the role

21.3.2 Request and Approval Reports

The request and approval reports are Approval Activity Report, Request Details Report, Request Summary Report, and Task Assignment History.

Oracle Analytics Server Reports provides the following request and approval reports for Oracle Identity Manager:

• Approval Activity Report

• Request Details Report

• Request Summary Report

• Task Assignment History

21.3.2.1 Approval Activity Report

This report provides the administrators the ability to view the approval activity including requests that are approved, rejected, or pending.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Approver's First Name	First name of the approver
Approver's Last Name	Last name of the approver
Approver's User ID	User ID of the approver
Organization	Name of the organization

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
Approver's First Name	First name of the approver
Approver's Last Name	Last name of the approver
Approver's User ID	User ID of the approver
Organization	Organization of the approver
Approval Accepted	Count of the accepted approval
Approval Rejected	Count of the rejected approval
Approvals Pending	Count of the pending approval
Approval Requests Total	Total number of approval requests

21.3.2.2 Request Details Report

This report provides administrators the ability to view the details (requestor, current approver and so on) of all requests with the input current status. Additionally, this report displays the details of all users (user name, organization, manager details, user status and so on) that will be provisioned as a result of the request approval. This helps administrators in planning and prioritizing operational activities so that they may expedite the closure of pending requests.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Requestor User First Name	First name of the requestor
Requestor User Last Name	Last name of the requestor
Request User ID	ID of the requestor
Request ID	Request ID
Request Parent ID	Parent ID of the request
Request Status	Status of the request
Request Type	Type of the request
Request Date From	Start date of the request
Request Date To	End date of the request
Beneficiary User First Name	First name of the beneficiary
Beneficiary User Last Name	Last name of the beneficiary
Beneficiary User ID	ID of the beneficiary

Fields

The following table lists the fields of the report:

Report Field	Description
Request ID	Request ID
Request Type	Type of the request
Requester User ID	ID of the requester
Request Date	Date on which request is initiated
Approver User ID	ID of the approver
Current Status	Status of the request
Parent Request ID	ID of the parent Requester

Columns

The following table lists the columns of the report, if a beneficiary is present:

Report Column	Description
First Name	First name of the beneficiary
Last Name	Last name of the beneficiary
User ID	ID of the beneficiary
User Type	Type of user
User Status	Status of the beneficiary
Organization	Organization of the beneficiary
Request Value	Request value of the resource

The following table lists the columns of the report, if a beneficiary is not present:

Report Column	Description
Request Name	Name of the request
Request Value	Value of the request

The following table provides the approver details:

Report Column	Description
Approver User ID	User ID of the approver of the request
Approver User Name	User name of the approver of the request

21.3.2.3 Request Summary Report

This report provides administrators the ability to view the current status of all requests raised in the specified time interval. This helps administrators in planning and prioritizing operational activities so that they may expedite the closure of pending requests.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Request Type	Type of request
Request Date From	Start date of the request
Request Date To	End date of the request
Organization	Details of the organization

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
Request ID	Request ID
Parent Request ID	ID of the parent Requester
Request Type	Type of request
Request Status	Status of request
Requester User ID	ID of the requester
Requester User Name	Name of the requester of the request
Beneficiary User ID	ID of the beneficiary
Request Details	Details of the request
Approver User ID	ID of the approver
Approver User Name	Name of the approver of the request
Request Date	Date of request

21.3.2.4 Task Assignment History

It lists the history of all task assignments.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
Assignee User ID	ID of the assignee user
Assignee First Name	First name of the assignee user
Assignee Last Name	Last name of the assignee user

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Column	Description
User ID	ID of the beneficiary
Assignee First Name	First name of the assignee
Assignee Last Name	Last name of the assignee
Assignee User ID	ID of the assignee
Assignee Role Name	Role name of the assignee
Assignee User Name	User name of the assignee
Employee Type	Type of employee

21.3.3 Role and Organization Reports

The role and organization reports are Role Membership History, Role Membership Profile, Role Membership, Organization Details, and User Membership History.

Oracle Identity Manager provides the following role and organization reports:

• Role Membership History

• Role Membership Profile

• Role Membership

• Organization Details

• User Membership History

21.3.3.1 Role Membership History

This report displays membership history of all the roles. The report will not show indirect memberships.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Role Name	Name of the role
Role Category	Category of the role
Employee Type	Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Employee Status	Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date
Membership Status	Status of membership: Revoked, Active
Effective From	Role membership effective from date
Effective To	Role membership effective to date

Fields

The following table lists the fields of the report:

Report Field	Description
Created By	Name of the person who created the role
Creation Date	Date on which the role was created

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Employee Type	Type of employee
Employee Status	Status of the employee
Membership Status	Membership date of the user
Effective From	Membership start date of the user
Effective To	Membership end date of the user
Manager's First Name	First name of the manager
Manager's Last Name	Last name of the manager
Manager's User ID	ID of the manager
Updated By	Name of the user who updated the record

21.3.3.2 Role Membership Profile

This report shows number of users present for number of roles and the details of users belonging to count number of roles.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Organization	Organization of the user

Fields

The following table lists the fields of the report:

Report Field	Description
Membership in Number of Roles	Number of members in number of roles
Number of Users	Number of users in the role

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Employee Type	Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

21.3.3.3 Role Membership

This report displays membership details of all roles.

Input Parameters

The following table lists input parameters for the report.

Report Parameter	Description
Role Name	Name of the role
Role Category	Category of the role
Organization	Name of the organization
Employee Type	Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Employee Status	Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date

Fields

The following table lists the fields of the report:

Report Field	Description
Created By	Name of the person who created the user
Creation Date	Date on which the user is created

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of user
Employee Status	Status of the user
Employee Type	Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Member Since	Joining date of the user
Manager's First Name	First name of the manager
Manager's Last Name	Last name of the manager
Manager's User ID	ID of the manager

21.3.3.4 Organization Details

It lists the hierarchical organization structure and details about users in the organization.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Organization Name	Name of the organization

Fields

The following table lists the fields of the report:

Report Field	Description
Parent Organization Name	Name of the parent organization

Columns

The following table lists the columns of the report:

Report Column	Description
Role	Name of Administrator User roles
First Name	First name of the user in the organization
Last Name	Last name of the user in the organization
User ID	ID of the user
User Status	Status of the user
User Type	Type of user
Start Date	Joining date of the user
End Date	Leaving date of the user

21.3.3.5 User Membership History

This report lists the logged in users with their membership history.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Last Name	First name of the user
First Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Status	Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date
Employee Type	Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Fields

The following table lists the fields of the report:

Report Field	Description
User ID	ID of the user
User First Name	First name of the user
User Last Name	Last name of the user
Organization	Organization of the user
Employee Status	Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date
Employee Type	Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor

Columns

The following table lists the columns of the report:

Report Column	Description
User Role	Name of the user role
Membership Status	Status of membership
Effective From	Date from which the membership is effective
Updated By	User who updated the record

21.3.4 Password Reports

The password reports are Password Expiration Summary Report, Password Reset Summary Report, and Resource Password Expiration Report.

Oracle Identity Manager provides the following password reports:

• Password Expiration Summary Report

• Password Reset Summary Report

• Resource Password Expiration Report

21.3.4.1 Password Expiration Summary Report

This report shows the list of all active users whose Oracle Identity Manager passwords are about to expire within a specified period.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Last Name	Last name of the user
First Name	First name of the user
User ID	ID of the user
Organization	Organization of the user
Expiration Date Range From	Start date of the expiration date
Expiration Date Range To	End date of the expiration date

Fields

N/A

Columns

The following table lists the columns of the report:

Report Field	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Employee Type	Type of the employee: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Employee Status	Status of the employee: Active, Disabled, Deleted, Disabled Until Start Date
Organization	Organization of the user
Password Expiration Date	Date on which the password expires

21.3.4.2 Password Reset Summary Report

This report provides the ability to view the aggregated metrics around password change attempts done by users themselves or on behalf of them. The metrics include all password change attempts, successful or failure outcome of password change attempt, users locked due to multiple concurrent unsuccessful password change attempts.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Aggregation Frequency	The frequency of the report generated
Date Range From	Start date of the report generated
Date Range To	End date of the report generated
Organization	Name of the organization

Fields

The following table lists the fields of the report:

Report Field	Description
Aggregation Frequency	The frequency of the report generated

Columns

The following table lists the columns of the report:

Report Column	Description
Time Period	Date and time of reset attempts performed
Reset Attempts	Number of reset attempts
Failed Reset Attempts	Number of failed reset attempts
Locked Users due to Failed Reset Attempts	Number of users locked due to a failed reset attempt
Resets by non-beneficiary	Number of resets by non-beneficiary

21.3.4.3 Resource Password Expiration Report

It lists users whose resource passwords will expire in a specified time period.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
User Status	Status of the user
Password Expiration Date From	The password expiry starting date
Password Expiration Date To	The password expiry ending date

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Field	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
User Status	Status of the user: Active, Disabled, Deleted, Disabled Until Start Date
User Type	Type of the user: Full-Time, Part-Time, Temp, Intern, Consultant, Contractor
Password Expiration Date	Date on which the password expires

21.3.5 Resource and Entitlement Reports

The resource and entitlement reports are Account Activity In Resource, Delegated Admins and Permissions by Resource, Delegated Admins by Resource, Entitlement Access List, Entitlement Access List History, Financially Significant Resource Details, Resource Access List History, Resource Access List, Resource Account Summary, Resource Activity Summary, User Resource Access History, User Resource Access, User Resource Entitlement, and User Resource Entitlement History.

Oracle Analytics Server Reports provides the following resource and entitlement reports for Oracle Identity Manager:

• Account Activity In Resource

• Delegated Admins and Permissions by Resource

• Delegated Admins by Resource

• Entitlement Access List

• Entitlement Access List History

• Financially Significant Resource Details

• Resource Access List History

• Resource Access List

• Resource Account Summary

• Resource Activity Summary

• User Resource Access History

• User Resource Access

• User Resource Entitlement

• User Resource Entitlement History

21.3.5.1 Account Activity In Resource

The Account Activity in Resource report lists all account activities in each resource, and provides information on how each user is associated with a specific activity of that resource.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
Date Range From	Date from which reports are displayed
Date Range To	Date to which reports are displayed

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Name	Name of the resource
Activity Type	The type of activity
Resource Authorizer User Role(s)	Name of the role which authorize the role
Resource Administrator User Role(s)	Name of the role which authorize the resource

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
User Status	Status of the user: Active, Disabled, Deleted, Disabled Until Start Date
Organization	Organization of the user
Manager's User ID	ID of the manager
Timestamp	Date when the report is created

21.3.5.2 Delegated Admins and Permissions by Resource

This report displays the list of user roles with write and delete access that are administrators of the resource.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
Administrator Role Name	Name of the Administrator role
Administrator Role Information	Information about the Administrator role
Read Access	Indicates whether the resource has read access
Write Access	Indicates whether the resource has write access
Delete Access	Indicates whether the resource has delete access
Authorizer Role	Authorizer role name
Name Priority	Priority of the resource
Created By	Name of the person who created the resource
Creation Date	Resource creation date

21.3.5.3 Delegated Admins by Resource

The report displays the list of user roles that are the administrators or authorizers of the resource and members of those roles.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
Resource Type	Type of resource
Resource Audit Objective	Objective to carry out the audit for the resource

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource
Target	Indicates whether the resource is a target for organization or user
Write Access	Indicates whether the resource has write access
Delete Access	Indicates whether the resource has delete access
Creation By	Resource creation source
Creation Date	Date on which resource is created

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
User Status	Status of the user
Member Since	Joining date of the user
Manager's First Name	First name of the manager
Manager's Last Name	Last name of the manager
Manager's User ID	ID of the manager

21.3.5.4 Entitlement Access List

This report provides administrators or auditors the ability to query all existing users, who have a specified entitlement. This report can be used for operational and compliance purposes.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Entitlement Code	Code of the entitlement
Resource Name	Name of the resource
Organization	Organization of the user
Role Name	Name of the role
User Status	Status of the user: Active, Disabled, Deleted, Disabled Until Start Date
User Type	Type of user
Provisioning Date From	Date from which the resource is provisioned to the user
Provisioning Date To	Date to which the resource is provisioned to the user

Fields

The following table lists the fields of the report:

Report Field	Description
Entitlement Code	Code of the entitlement
Entitlement Name	Name of the entitlement
Entitlement status	Status of the entitlement.
Resource Name	Name of the resource
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Column	Description
User Id	ID of the user
First Name	First name of the user
Last Name	Last name of the user
User Status	User Status
User Type	Type of the user
Organization	Organization of the user
Valid To Date	Entitlement valid from date
Valid From Date	Entitlement valid to date

21.3.5.5 Entitlement Access List History

This report provides administrators or auditors the ability to query all existing users provisioned to a entitlement over its lifecycle. This is a lifetime report showing entire history of resource's access list or entitlements.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Entitlement Code	Code of the entitlement
Resource Name	Name of the resource
Organization	Organization of the user
Role Name	Name of the role
User Status	Status of the user: Active, Disabled, Deleted, Disabled Until Start Date
User Type	Type of user
Effective From Date	Entitlement effective from date
Effective To Date	Entitlement effective to date

Fields

The following table lists the fields of the report:

Report Field	Description
Entitlement Code	Code of the entitlement
Entitlement Name	Name of the entitlement
Resource Name	Name of the resource
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Column	Description
User Id	ID of the user
First Name	First name of the user
Last Name	Last name of the user
User Status	Status of the user
User Type	Type of user
Effective From	Entitlement effective from date
Effective To	Entitlement effective to date

21.3.5.6 Financially Significant Resource Details

This report provides Administrators to get a list of financially significant resources to prioritize various administrative and cleanup activities. It also helps Compliance or Privacy and Security officers assessing effectiveness of preventive and detective controls in financial significant resources and Auditors to understand the IT resources that host financial data.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Column	Description
User Roles	Lists the resource administrator user roles

21.3.5.7 Resource Access List History

This report provides administrators or auditors the ability to query all existing users provisioned to a resource over its lifecycle. This is a lifetime report showing entire history of resource's access list or entitlements.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
User Status	Status of the user
User Type	Type of the user
Snapshot Date From	Effective start date of resource access to the user
Snapshot Date To	Effective end date of resource access to the user
Changes Date From	Resource changed from date to user
Changes Date To	Resource changed to date to user

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Resource Descriptive data	Descriptive data to identify the resource
User Status	Status of the user
Resource Status	Status of the resource
Effective From	Effective start date
Effective To	Effective end date

21.3.5.8 Resource Access List

This report provides administrators or auditors the ability to query all existing users provisioned to a specified resource. This report can be used for operational and compliance purposes.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
User Status	Status of the user
User Type	Type of the user
Provisioning Date From	Resource provision start date
Provisioning Date To	Resource provision end date

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
User Type	Type of the user
User Status	Status of the user
Organization	Organization of the user
Provisioning Date	Date on which the resource is provisioned

21.3.5.9 Resource Account Summary

This report lists the number of users for each status within each resource.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
Resource Type	Type of resource
Account Status	Status of the account

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource
Total Number of Users	Total number of users associated with the account

Columns

The following table lists the columns of the report:

Report Column	Description
Account Status	Status of the account
Number of Users	Number of users with that account status

21.3.5.10 Resource Activity Summary

It lists the history of all provisioning and approval activities for a resource.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
Date Range From	Start date
Date Range To	End date

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Column	Description
Accounts Provisioned	Number of accounts provisioned
Accounts De-Provisioned	Number of accounts de-provisioned
Approval Requests	Number of approval requests
Approval Accepted	Number of approved requests
Approval Rejected	Number of rejected requests

21.3.5.11 User Resource Access History

This report provides administrators or auditors the ability to view user's resource access history over user's lifecycle. This report can be used for compliance and forensic auditing purposes. This is not a user access profile snapshot report. This is a lifetime report showing entire history of user's entitlements.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Status	Status of the user
Employee Type	Type of employee

Fields

The following table lists the fields of the report:

Report Field	Description
User ID	ID of the user
User First Name	First name of the user
User Last Name	Last name of the user
Manager User ID	ID of the reporting Manager
Manager First Name	First name of the reporting Manager
Manager Last Name	Last name of the reporting Manager
Organization	Organization of the user
Employee Status	Status of employee
Employee Type	Type of employee
Identity Creation Date	User creation date

Columns

The following table lists the columns of the report:

Report Column	Description
Resource Name	Name of the resource
Resource Descriptive Data	Description of the resource
Provisioned Date	Date on which the resource is provisioned
Provisioned By	Name of the person who provisioned the resource
Effective From	Effective start date of resource access to the user
Effective To	Effective end date of resource access to the user

21.3.5.12 User Resource Access

This report provides administrators or auditors the ability to query all existing users provisioned to a specified resource. This report can be used for operational and compliance purposes.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Status	Status of employee
Employee Type	Type of employee

Fields

The following table lists the fields of the report:

Report Field	Description
User ID	ID of the user
User First Name	First name of the user
User Last Name	Last name of the user
Manager User ID	ID of the reporting Manager
Manager First Name	First name of the reporting Manager
Manager Last Name	Last name of the reporting Manager
Organization	Organization of the user
Employee Status	Status of employee
Employee Type	Type of employee
Identity Creation Date	User creation date

Columns

The following table lists the columns of the report:

Report Column	Description
Resource Name	Name of the resource
Resource Descriptive Data	Description of the resource
Resource Status	Status of the resource
Provisioned Date	Date on which the resource is provisioned

21.3.5.13 User Resource Entitlement

This report provides administrators or auditors the ability to query all existing entitlements provisioned to specific users. This report can be used for operational and compliance purposes.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
User ID	ID of the user
First Name	First name of the user
Last Name	Last name of the user
Email	Email of the user
Resource Name	Name of the resource
Organization	Organization of the user
Role Name	Name of the role
User Status	Status of the user
User Type	Type of the user

Fields

The following table lists the fields of the report:

Report Field	Description
User ID	ID of the user
First Name	First name of the user
Middle Name	Middle name of the user
Last Name	Last name of the user
Email	Email of the user
Organization	Organization of the user
User Status	Status of the user
User Type	Type of the user
Manager First Name	First name of the manager
Manager Last Name	Last name of the manager
Start Date	Entitlement of resource start date
End Date	Entitlement of resource end date

Columns

The following table lists the columns of the report:

Report Column	Description
Entitlement Code	Code of the entitlement
Entitlement Name	Name of the entitlement
Entitlement Status	Status of the entitlement
Resource	Type of the resource
Provisioning Start	Date from which the resource is provisioned to the user
Valid From Date	Entitlement of resource valid start date

21.3.5.14 User Resource Entitlement History

This report provides administrators or auditors the ability to view user's resource entitlement history over user's lifecycle. This report can be used for compliance and forensic auditing purposes. This is not a user access profile snapshot report. This is a lifetime report showing entire history of user's entitlements.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
User ID	ID of the user
First Name	First name of the user
Last Name	Last name of the user
Email	Email of the user
Resource Name	Name of the resource
Organization	Organization of the user
Role Name	Name of the role
User Status	Status of the user
User Type	Type of the user
Effective From Date	Resource entitlement effective start date
Effective To Date	Resource entitlement effective end date

Fields

The following table lists the fields of the report:

Report Field	Description
User ID	ID of the user
First Name	First name of the user
Last Name	Last name of the user
User Status	Status of the user
User Type	Type of the user
Organization	Organization of the user
Email	Email of the user
Start Date	Start date of resource entitlement
End Date	End date of resource entitlement
Identity Creation Date	Date of identity creation
Manager First Name	First name of the manager
Manager Last Name	Last name of the manager

Columns

The following table lists the columns of the report:

Report Column	Description
Entitlement Code	Code of the entitlement
Entitlement Name	Name of the entitlement
Resource	Type of the resource
Effective From Date	Resource entitlement effective start date
Effective To Date	Resource entitlement effective end date

21.3.6 User Reports

The user reports are User Creation, User Profile History, User Summary, Users Deleted, Users Disabled, and Users Unlocked.

Oracle Identity Manager provides the following user reports:

• User Creation

• User Profile History

• User Summary

• Users Deleted

• Users Disabled

• Users Unlocked

21.3.6.1 User Creation

This report lists all Oracle Identity Manager users created between a specified date range. In addition, it provides the source of information on the users created.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Employee Status	Status of the user
Employee Type	Type of employee
Creation Date From	Start date of user summary
Creation Date To	End date of user summary
Organization	Organization of the user

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Current Status	Status of the user
Employee Type	Type of employee
Manager ID	ID of the Manager to whom the user reports
Source of Creation	User creation source
Creation On	Date on which the user is created
Created By	User who created the user

21.3.6.2 User Profile History

This report shows all the users and their details based on the input parameters.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Role Name	Role of the user
Manager User ID	ID of the Manager to whom the user reports
Employee Status	Status of the user
Employee Type	Type of employee
Changes Date Range From	Effective start date of the changes
Changes Date Range To	Effective end date of the changes
Snapshot Date Range From	Effective start date of resource access to the user
Snapshot Date Range To	Effective end date of resource access to the user

Fields

The following table lists the fields of the report:

Report Field	Description
User ID	ID of the user
User First Name	First name of the user
User Last Name	Last name of the user
Manager User ID	ID of the reporting Manager
Manager First Name	First name of the reporting Manager
Manager Last Name	Last name of the reporting Manager
Organization	Organization of the user
Employee Status	Status of employee
Employee Type	Type of employee
Identity Creation Date	User creation date

Columns

The following table lists the columns of the report:

Report Column	Description
Profile Parameter	Name of user profile
Value	Value of user profile
Date Effective From	Effective from date
Time Effective From	Effective from time
Updated By	User who updated the record

21.3.6.3 User Summary

It lists all Oracle Identity Manager User's summary in a specified time period. It includes user details along with source of creation, and who created it and when.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Employee Status	Status of the user
Employee Type	Type of employee
Creation Date From	Start date of user summary
Creation Date To	End date of user summary
Organization	Organization of the user

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Status	Status of the user
Employee Type	Type of employee
Manager ID	ID of the Manager to whom the user reports
Source	User creation source
Creation Date	Date at which the user is created

21.3.6.4 Users Deleted

This report shows all the deleted users and their details based on input parameters.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Type	Type of employee
Deletion Date From	Start date of summary of deleted users
Deletion Date To	End date of summary of deleted users
Organization	Organization of the user

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Type	Type of employee
Manager ID	ID of the Manager to whom the user reports
Source	User creation source
Deletion Date	Date at which the user is deleted

21.3.6.5 Users Disabled

This report provides the ability to view the details of users whose accounts are disabled. The account may be disabled for various reasons, for example, unsuccessful login or password reset attempts failure.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Type	Type of employee
Disabled Date From	Start date of user disabled
Disabled Date To	End date of user disabled
Organization	Organization of the user

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Status	Current status of the employee
Employee Type	Type of employee
Manager ID	ID of the Manager to whom the user reports
Source	User creation source
Disabled Date	Date at which the user is disabled
Updated By	Users who updated the record

21.3.6.6 Users Unlocked

This report provides the ability to view the details of users whose disabled accounts are unlocked by administrators. Delegated administrators of the organizations to whom the user belongs may enable the accounts.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Type	Type of employee
Unlocked Date From	Start date of user unlocked
Unlocked Date To	End date of user unlocked
Organization	Organization of the user

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
Employee Status	Status of the user
Employee Type	Type of employee
Manager ID	ID of the Manager to whom the user reports
Source	User creation source
Unlocked Date	Date at which the user is unlocked
Updated By	User who updated the record

21.3.7 Certification Reports

Certification reports select data from the certification tables of the Oracle Identity Manager database.

There are a list of predefined or default certification reports in Oracle Identity Manager. Table 21-1 lists the default certification reports for each type of certification.

Table 21-1 Default Certification Reports

Certification Type	Certification Report	Description
User certification	Complete Certification Report	Presents comprehensive data of a user certification. This report includes a list of all employees and their access.
User certification	Certified Access Report	Lists access marked as certified.
User certification	Revoked Access Report	Lists access marked as revoked.
User certification	Abstained Access Report	Lists certification items that the certifier declined to complete because the certifier is not responsible for verifying the user's assigned roles and entitlements.
User certification	Certified Conditionally Access Report	Lists access that the certifier approved temporarily, even though the access may not be appropriate or justified in the long term. Reviewers are required to enter an end date, which is included in this report. However, the access is not revoked and notices are not sent out about expired end dates.
User certification	Complete Certification Task Report	Presents user-certification data based on certification tasks. This is a subset of the Complete Certification Report.
Role certification	Complete Certification Report	Presents comprehensive data of a role certification.
Role certification	Certified Access Report	Lists entitlements marked as certified.
Role certification	Revoked Access Report	Lists entitlements as revoked.
Role certification	Abstained Access Report	Lists certification items that the certifier declined to complete because the certifier is not responsible for verifying the role's assigned memberships.
Role certification	Certified Conditionally Access Report	Lists access that the certifier approved temporarily, even though the access may not be appropriate or justified in the long term. Reviewers are required to enter an end date, which is included in this report. However, the access is not revoked and notices are not sent out about expired end dates.
Role certification	Complete Certification Task Report	Presents role-certification data based on certification tasks. This is a subset of the Complete Certification Report.
Application instance certification	Complete Certification Report	Presents comprehensive data of an application instance certification.
Application instance certification	Certified Access Report	Lists entitlements marked as certified.
Application instance certification	Revoked Access Report	Lists entitlements marked as revoked.
Application instance certification	Abstained Access Report	Lists certification items that the certifier declined to complete because the certifier is not responsible for verifying the application instances's assigned users and accounts.
Application instance certification	Certified Conditionally Access Report	Lists access that the certifier approved temporarily, even though the access may not be appropriate or justified in the long term. Reviewers are required to enter an end date, which is included in this report. However, the access is not revoked and notices are not sent out about expired end dates.
Application instance certification	Complete Certification Task Report	Presents certification data for application instances based on certification tasks. This is a subset of the Complete Certification Report.
Entitlement certification	Complete Certification Report	Presents comprehensive data of an entitlement certification.
Entitlement certification	Certified Access Report	Lists access marked as certified.
Entitlement certification	Revoked Access Report	Lists access marked as revoked.
Entitlement certification	Abstained Access Report	Lists certification items that the certifier declined to complete because the certifier is not responsible for verifying the entitlement's assigned accounts and attributes.
Entitlement certification	Certified Conditionally Access Report	Lists access that the certifier approved temporarily, even though the access may not be appropriate or justified in the long term. Reviewers are required to enter an end date, which is included in this report. However, the access is not revoked and notices are not sent out about expired end dates.
Entitlement certification	Complete Certification Task Report	Presents entitlement-certification data based on certification tasks. This is a subset of the Complete Certification Report.

21.3.8 Identity Audit Reports

An IDA Policy Violation report can be generated for a Policy, Scan Stop Date, Manager, Remediator or selected users.

IDA Policy Violation Reports are available for download from Reports link in the Compliance tab of Oracle Identity Self Service.

The following types of reports are available:

• Closed Policy Violation Report: Contains all the policy violations that are in Closed state.

• Remediation Completed Policy Violation Report: Contains all the policy violations that are in Remediation Completed state.

• Expired Policy Violation Report: Contains all the policy violations that are in Expired state.

• Remediation In Progress Policy Violation Report: Contains all the policy violations that are in Remediation In Progress state.

• Remediation Under Review Policy Violation Report: Contains all the policy violations that are in Remediation Under Review state.

• Open Policy Violation Report: Contains all the policy violations that are in Open state.

• Preview Policy Violation Report: Contains all the policy violations that are in Preview state.

• Assigned Policy Violation Report: Contains all the policy violations that are in Assigned state.

21.3.9 Exception Reports

The exception reports are Fine Grained Entitlement Exceptions By Resource, Orphaned Account Summary Report, and Rogue Accounts By Resource.

This section describes about the exception reports in the following topics:

• About Exception Reports

• Fine Grained Entitlement Exceptions By Resource

• Populating the Data for Account Audit and Reconciliation Exceptions

• Migrating Legacy Data

• Orphaned Account Summary Report

• Rogue Accounts By Resource

21.3.9.1 About Exception Reports

In Oracle Identity Manager, exception refers to the difference between accounts that a user is entitled to and the accounts that are actually assigned to a user. The user is assigned these accounts as a result of access policies, provisioning of resources, approval requests, and reconciliation events. Any difference of these accounts assigned to a user in the target system and the ones assigned to the user in Oracle Identity Manager comprises an exception. Exception reports are enabled by default.

Oracle Identity Manager provides the following exception reports:

• Rogue Accounts By Resource

  This report returns a list of all the rogue accounts existing in a resource. The following exceptions are reported:

  • Account exists in the target system, but has been deprovisioned for the corresponding user in Oracle Identity Manager

  • Account exists and is active in the target system, but account does not exist in Oracle Identity Manager (user exists)

  • Account exists and is active in the target system, but user does not exist in Oracle Identity Manager

  • Account exists and is active in the target system, but Oracle Identity Manager user has been disabled

  • Account exists and is active in the system target, but Oracle Identity Manager user has been deleted

• Orphaned Account Summary Report: An account that exists in the target system, but the corresponding user to whom the account is provisioned has been deleted in Oracle Identity Manager. For the given input resource, it lists the rogue accounts that exist in the target system, but the corresponding users to whom the accounts are provisioned has never existed in Oracle Identity Manager.

• Fine Grained Entitlement Exceptions By Resource

  This report returns a list of all the accounts in a resource for which the process form data being reconciled is different from the expected values. It means that this report returns any account existing in the target system that is also provisioned to the corresponding user in Oracle Identity Manager, but for which the process data does not match.

  Note:

  • After completion of initial target reconciliation, all account-related activities performed directly on a target resource are tracked as exception activity. Account-related activities include account creation, account modification, and entitlement assignment/revocation. The exception reports should be used only if the organization policies enforce that all account-related activities in target resources would always be initiated in Oracle Identity Manager. In addition, remember that exception detection and recording are an extension of account data reconciliation and, therefore, may result in a drop in performance during reconciliation.

  • All the exception reports depend on reconciliation data. Therefore, these reports will not display any data if the corresponding reconciliation events are archived.

21.3.9.2 Fine Grained Entitlement Exceptions By Resource

This report enables administrators, signing officers, internal and external auditors to analyze discrepancies in various process forms and related child tables of various resources and mitigate material weaknesses in the resources through remediation activities.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Employee Type	Type of the employee such as fulltime, part time
Organization Name	Name of the organization
Role Name	Name of the role

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Name	Name of the resource
User ID	ID of the user
First Name	First name of the user
Last Name	Last name of the use
Organization Name	Name of the organization
Employee Status	Status of the user
Employee Type	Type of the user
Reviewer First Name	First name of the reviewer
Reviewer Last Name	Last name of the reviewer
Unique ID Attribute	Unique ID attribute in account profile
Unique ID Value in Account Profile	Unique ID value in account profile

Columns

The following table lists the columns of the report:

Report Column	Description
Form Name	Name of the form
Form Type	Type of the form
Form Field Name	Field name of the form
Expected Form Field Value	Old value of the field
Actual Form Field Value	New value of the field

Note:

Before running this report, you must populate data for account audit and reconciliation exceptions.

To populate the data for account audit and reconciliation exceptions:

1. Provision an user to any target.

2. Modify any of the user's attribute in the target and reconcile the user.

3. Find data in UPA_UD_FORMFIELDS and UPA_UD_FORMS tables.

4. Go to Oracle Identity Manger server and run RefreshMaterializedViewScheduler Task.

5. Log in to BIP and view the report.

21.3.9.3 Populating the Data for Account Audit and Reconciliation Exceptions

To populate the data for account audit and reconciliation exceptions:

1. Provision an user to any target.
2. Modify any of the user's attribute in the target and reconcile the user.
3. Find data in UPA_UD_FORMFIELDS and UPA_UD_FORMS tables.
4. Go to Oracle Identity Governance server and run the Refresh Materialized View scheduled job.
5. Log in to BI Publisher and view the report.

21.3.9.4 Migrating Legacy Data

In this release, performance optimization is achieved by running the Refresh Materialized View scheduled job. This scheduled job makes appropriate data available to OIG materialized view that is required for the Fine Grained Entitlement Exceptions By Resource report.

As part of performance optimization, there are some data model changes that require legacy data to be migrated to the new data model for you to continue viewing legacy data in the Fine Grained Entitlement Exceptions By Resource report. Data Migration will migrate all the legacy data to new UPA_UD_MVIEW_STORE table. As a result, all legacy data will be visible in the Fine Grained Entitlement Exception By Resource report.

Data generated post upgrade or fresh install automatically uses the new data model.

Note:

This section is applicable only if you are using an upgraded or freshly installed deployment of Oracle Identity Governance. The procedure described in this section is a one time activity.

To perform legacy data migration:

1. Disable the Issue Audit Messages and Refresh Materialized View scheduled tasks.
2. Tune REDO and UNDO sufficiently.

   See Managing the REDO Log and Managing UNDO in Oracle Database Administrator's Guide for information about REDO and UNDO respectively.

3. Collect table statistics for the UPA_UD_FORMS, UPA_UD_FORMFIELDS, UPA_UD_MVIEW_STORE, SDK, PRF, OIU, OBI, SDC, OBJ, and UPA_RESOURCE tables. To do so, run the following command for all the tables:

   SQL> EXEC dbms_stats.gather_table_stats(USER, 'TABLE_NAME',
   cascade=>TRUE);

4. Enable PL/SQL diagnostic logging by modifying the value of the OIM.DBDiagnosticLevelMviewMig system property to FINEST.

   See Default System Properties in Oracle Identity Governance for information about the OIM.DBDiagnosticLevelMviewMig system property.

5. Drop the indexes on the UPA_UD_MVIEW_STORE table, as shown. This is to speed up the migration process. You will re-create the indexes after the migration is completed.

   SQL> DROP INDEX idx_upaud_mviewstore_forms_key;
   SQL> DROP INDEX idx_upaud_mv_store_showrep;

6. Run the DBMS scheduled job to start legacy data migration from the command line or SQL Developer or Oracle Enterprise Developer. The following example shows running the job from command line:

   SQL> EXEC dbms_scheduler.run_job('OIM_MVIEW_LEGACY_MIG');

7. Track the progress of the migration by using the following diagnostic logging tables:

   SQL> SELECT * FROM diag_log ORDER BY 1 DESC;
   SQL> SELECT * FROM diag_log_dtls ORDER BY 2 DESC, 1;

   To track the progress of the DBMS scheduled job, query the data dictionary table, as shown:

   SQL> SELECT * FROM user_scheduler_job_run_details WHERE
   job_name='OIM_MVIEW_LEGACY_MIG';

8. When migration has been successfully completed, re-create the two indexes on the UPA_UD_MVIEW_STORE table, as shown:

   SQL> CREATE INDEX idx_upaud_mviewstore_forms_key ON
   upa_ud_mview_store(upa_ud_forms_key,upa_ud_formfields_key);
   SQL> CREATE INDEX idx_upaud_mv_store_showrep ON
   upa_ud_mview_store(showrep);

9. Collect table statistics for the UPA_UD_MVIEW_STORE table.

   SQL> EXEC dbms_stats.gather_table_stats(USER, 'UPA_UD_MVIEW_STORE',
   cascade=>TRUE);

10. Run the Refresh Materialized View scheduled job.
    This populates the required reporting tables with all the legacy data for the Fine Grained Entitlement Exception By Resource report.
11. After the Refresh Materialized View scheduled job run completes, login to BI Publisher and navigate to the Fine Grained Entitlement Exception By Resource report. Enter the desired input, and click Apply.
    You can view all the legacy data in the Fine Grained Entitlement Exception By Resource report.
12. Enable the Issue Audit Messages and Refresh Materialized View scheduled tasks.
13. Disable PL/SQL diagnostic logging by setting the value of the OIM.DBDiagnosticLevelMviewMig system property to NONE.

21.3.9.5 Orphaned Account Summary Report

It lists the rogue accounts for the input resource for which a user existed in the target system, but the associated user to whom the account is provisioned never existed in Oracle Identity Manager.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
Reconciliation Date Range From	Start date of reconciliation
Reconciliation Date Range To	End date of reconciliation

Fields

N/A

Columns

The following table lists the columns of the report:

Report Column	Description
Resource	Name of the resource
Account Information	Information of the orphaned account
Account Detail	Details of the account associated with this orphaned account
Reconciliation Date	Date of reconciliation

21.3.9.6 Rogue Accounts By Resource

This report includes all rogue accounts for the input resource. This enables administrators, signing officers, internal and external auditors to identify material weaknesses in the resources and plan their mitigation through remediation activities.

Input Parameters

The following table lists the input parameters for the report.

Report Parameter	Description
Resource Name	Name of the resource
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization Name	Organization of the user
User Status	Status of the user
User Type	Type of the user
Exception Type	Type of exception

Fields

The following table lists the fields of the report:

Report Field	Description
Resource Type	Type of resource

Columns

The following table lists the columns of the report:

Report Column	Description
Exception Type	Type of exception
First Name	First name of the user
Last Name	Last name of the user
User ID	ID of the user
Organization	Organization of the user
User Status	Status of the user
User Type	Type of the user
Account Details	Details of the rogue account
Reviewer First Name	First name of the reviewer
Reviewer Last Name	Last name of the reviewer
Reviewer User ID	User ID of the reviewer

21.4 Required Scheduled Tasks for Oracle Analytics Server Reports

The RefreshMaterializedView, IssueAuditTask, Entitlement List, Entitlement Assignment, and Entitlement Updates scheduled tasks are required for Oracle Analytics Server reports.

Table 21-2 lists the scheduled tasks required for Oracle Analytics Server reports:

Table 21-2 Scheduled Tasks for Oracle Analytics Server Reports

Report Name	Scheduled Task Name	Description
Fine Grained Entitlement Exceptions By Resource	RefreshMaterializedView	To refresh the Materialized View used in this report with the latest data
User Profile History	IssueAuditTask	To populate the audit tables with the latest data
User Unlocked	IssueAuditTask	To populate the audit tables with the latest data
User Membership History	IssueAuditTask	To populate the audit tables with the latest data
Role Membership History	IssueAuditTask	To populate the audit tables with the latest data
Resource Access List History	IssueAuditTask	To populate the audit tables with the latest data
User Resource Access History	IssueAuditTask	To populate the audit tables with the latest data
Resource Activity Summary	IssueAuditTask	To populate the audit tables with the latest data
Password Reset Summary	IssueAuditTask	To populate the audit tables with the latest data
Entitlement Reports	Entitlement List	To populate the Entitlement List table with the marked entitlements
Entitlement Reports	Entitlement Assignment	To populate the Entitlement Assignment tables with the assigned entitlements
Entitlement Reports	Entitlement Updates	To populate the latest data into the Entitlement Assignment tables, if any entitlement has assigned to any user periodically or later

21.5 Best Practices for Running Oracle Identity Governance Reports

Some of the best practices to be followed for Oracle Analytics Server reports include not running the reports with null value in date range parameters and running the reports with the set of values as input parameters to provide the selectivity.

As a best practice, you must consider the following points before running Oracle Analytics Server reports:

• Do not run Oracle Identity Manager reports with null value in date range parameters. You must run Oracle Identity Manager reports always with date range values in data range parameters, otherwise report will not display anything.

• Invoke the reports with the set of values as input parameters to provide the selectivity, thus improving the performance.

• By default, the System Administrator user of Oracle Identity Manager has all the permissions to login to Oracle Analytics Server and access all the Oracle Identity Manager Reports.