Use data queries with the Multiple object history query module to create reports about multiple objects with historical data that can be further restricted by a particular criterion. This could be all identities with a certain last name.
Table 156: Properties of data source multiple object history
Name |
Name of the data source. |
Description |
Description of data source. |
Max. lines |
Maximum number of result lines for this query.
NOTE: The report only displays results up to this maximum even if the number of results exceeds it. In the default, no error messages or tips are displayed. Any possible messages must be customized in the report. |
Parent query |
Not used. |
Query module |
Select the Multiple object history query module. |
Table |
Select the table to find the object in. |
Minimum date or range |
Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected One Identity Manager History Database databases is determined. Add these parameters subsequently to the report by entering them on the Parameters tab. |
Columns |
Columns for which the changes are determined. |
Criteria |
Column, table, and value used for further narrowing down the objects found. The value can be queried directly or as a parameter. Add these parameters subsequently to the report by entering them on the tab Parameters. |
The data query returns the following columns.
Table 157: Columns from a data query using single object history
ChangeID |
Unique identifier (UID) for the record. |
ObjectKey |
Object key or the record. |
ObjectUID |
Unique identifier (UID) for the modified objects. |
User |
Name of user that caused the change. |
ChangeTime |
Time of change |
ChangeType |
Type of change (Insert, Update, Delete) |
Columnname |
Name of column whose value has changed. |
ColumnDisplay |
Display name of column whose value has changed. |
OldValue |
Old column value. |
OldValueDisplay |
Old column display value. |
NewValue |
New column value. |
NewValueDisplay |
New value display value. |
Example:
A history of all identities with the last name "Name1" should be created. The report data can be defined in the following way:
Table: |
Person |
Min. Date |
MinDate |
Criteria: column |
Lastname |
Criteria: value |
Name1 |
Related topics
Use data queries with the Historical assignments query module to create reports with historical data from object assignments, for example, identity role memberships. This type is used for queries through foreign key relations as well as through assignment tables (many-to-many tables) and child relations.
Table 158: Properties of data source historical assignments
Name |
Name of the data source. |
Description |
Description of data source. |
Max. lines |
Maximum number of result lines for this query.
NOTE: The report only displays results up to this maximum even if the number of results exceeds it. In the default, no error messages or tips are displayed. Any possible messages must be customized in the report. |
Parent query |
In a parent query, restrictions are applied to the data record that are passed on to subsequent queries, all members of a department, for example. Parameters that are defined in the parent query are also available in subsequent queries. |
Query module |
Select the Historical assignments query module. |
Assignment direction |
Assignment to be used in the report. Permitted values are Assignments (CR & MN) and Referenced objects (FK). |
Table |
Table for the assignment. |
Minimum date or range |
Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected One Identity Manager History Database databases is determined. Add these parameters subsequently to the report by entering them on the Parameters tab. |
Criteria column |
Column in the table for linking to the base object. |
Criteria value |
The value of the criteria column can be queried directly or using parameters. Add these parameters subsequently to the report by entering them on the Parameters tab. Columns in a parent query are formatted with the following syntax:
<parent query name>.<parent query column> |
Foreign key to query |
Foreign key to retain historical assignments. |
Disabling columns |
Certain tables contain columns that can disable an object, for example, the AccountDisable column in the ADSAccount table. Enter these columns if an assignment should be labeled as "Deleted" when disabled and "Added" if enabled. |
Additional object columns |
Enter the columns from the table that should also be available in the report. |
Additional criteria |
Column of the table and value for further restriction of the base object. |
The data query returns the following columns. In addition, columns are supplied that are edited like object columns.
Table 159: Columns from a data query using historical assignments
BaseKey |
Object key for assignment base object. |
BaseUID |
Base object unique identifier. |
ObjectKey |
Assignment object key. |
DestinationKey |
Object key for assignment target object. |
DestinationUID |
Target object unique identifier. |
Display |
Target object display value. |
CreationUser |
User that created the assignment. |
CreationTime |
Time of assignment. |
DeletionUser |
User that deleted the assignment. |
DeletionTime |
Time of deletion. |
Type |
More detailed specification of the assignment, for example, assignment table name or target system type. |
Origin |
Bitmask for mapping the type of assignment. |
OriginDisplay |
Display name of the bitmask for mapping the type of assignment. |
Related topics
To select the simulation data generated during simulation in the Manager in a report, use the following query modules:
-
You can apply the Front-end simulation result query module to all parts of a simulation apart from rule violation analysis.
-
You can use the Front-end Simulation Result for Compliance query module to publish the rule violation analysis in the report.
Table 160: Data source front-end simulation result properties
Name |
Name of the data source. |
Description |
Description of data source. |
Query module |
Select the Front-end simulation result query module. |
Parent query |
Not used. |
Simulation analysis |
Defines which part of the simulation analysis is shown in the report.
Permitted values are:
-
Überblick: Shows which actions were triggered through changes made during the simulation in an overview.
-
Changed properties: Shows objects and their properties affected by the changes made during simulation.
-
DBQueue: Shows the calculation tasks for the DBQueue Processor resulting from changes made during simulation.
-
Trigger changes: Shows all changes made to objects during simulations due to triggering.
-
Generated processes: Shows processes and process steps generated during simulation due to the changes. |
Table 161: Data source front-end simulation result for compliance properties
Name |
Name of the data source. |
Description |
Description of data source. |
Query module |
Select the query module Frontend Simulation Result for Compliance. |
Parent query |
Not used. |
Related topics
A report can contain several parameters that are determined when the report is created or when an email notification is generated and passed to the report. The generated report is then displayed or send by email to the subscriber corresponding to the report subscription set up. The user can query the report parameters before the report is displayed. This means, you can, for example, limit the time period or pass specific departments for displaying the report.
Report parameters are grouped internally into parameter sets. A separate parameter set is automatically created for very report, every subscribable report, and every report subscription. The parameters and their settings are passed down in the sequence report->subscribable report->report subscriptions.
Figure 32: Report parameter inheritance
You can configure report parameters at several places.
Parameters for reports
Define the report parameters to use when you create the report in the Report Editor. This is where you specify which report parameters are viewable or writable and which are already predefined in a subscribable report.
Parameters for subscribable reports
When you add a subscribable report viewable parameters are displayed in the Manager. You can make further changes to these report parameters assuming they can be overwritten. That means, you specify which report parameters can be viewed or overwritten by Web Portal users and define parameter values.
Parameters for report subscriptions
Report parameters labeled as viewable and editable in subscribable reports, are shown to Web Portal users when they are setting up their personal report subscriptions. If the report parameters are editable, Web Portal users can modify the values in them.
NOTE: In the report, you must define all the report parameters that users can apply. For example, when the report is displayed, when subscribable reports are generated in the Manager, or in Web Portal report subscriptions.
Detailed information about this topic