RSA IGL Recipes: Chart - Application - Application Orphan Summary

Document created by Jamie Pryer Employee on Dec 1, 2020Last modified by Jamie Pryer Employee on Dec 3, 2020
Version 2Show Document
  • View in full screen mode

RSA IGL Version: V 7.2.x

Modules: Governance

Product Area: Charts, Single Series - Dynamic (Applied to Application Object Dashboard)

Associated Dashboard: RSA IGL Recipes : Dashboard - Application Summary 

Time to apply: ~30 minutes



This chart provides key information about the accounts for a selected application and how many are orphan. It is a dynamic chart, that has flexible configuration options, allowing you to decide how you want to show and group the data displayed. 

The goal of this chart is to understand if you have any risk, where accounts are orphan and have no owner set. 

The chart can be used by application owners or the admin team to monitor accounts. The recommendation is <10% orphans if posisble.

This chart will only work when it is applied dynamically to the Application object dashboard.


Other useful links


Example Image (Click to enlarge)


Key Notes

  • This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk. 
  • If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
  • If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
    • Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.



This chart includes the following key information, you can click the chart legend to show/hide results: 

  • Orphan = Accounts which are orphan and do not have an identity associated with them
  • Not Orphan = Accounts which are owned by an identity


Chart Dynamic Values

The following value needs to be used when creating the chart, however the value will update dynamically when used within the dashboard.

  • TargetObjectID: This is used dynamically within the application itself, the value will automatically be updated, whenever you view an application. When viewing the chart, you need to give it some value, so it can work against something. Please go to an application you have and find its "OID". Use this value in the TargetObjectID, so the chart has something to use. 

How to find an Example Target Object ID:

  • Go to Resources/Applications
  • Select any application (pick one that has multiple accounts and some orphans)
  • Once the application is open, look at the URL.
  • The value you want is found just after "OID=" and then before the "&"
  • In this example, the value we want is 14


Chart SQL

First test this in your query tool (SQLDeveloper, Toad etc..)

    'Orphan' as Title,
    nvl(orphaned_account_count,0) as result
from avuser.PV_Application
where ID =:TargetObjectID
Union All
    'Non-Orphan' as Title,
    nvl(account_count,0) - nvl(orphaned_account_count,0) as result
from avuser.PV_Application
where ID =:TargetObjectID


Example of the results:



Chart Implementation

  1. Log into RSA IGL as a user who can create charts. In my example, im using AveksaAdmin
  2. Go to "Reports" / "Charts"
  3. Select "+ Create Chart" button
  4. Under the "General Tab" add the following details:
    • Name: Application - Orphan Account Summary
    • Description: From RSA IGL Link Community. This chart provides information on the status of orphan accounts. The chart is dynamic and only works when applied within an "application" object dashboard.
    • Type = Single Series Chart

  5. Under the "Query" Tab, copy the SQL from above
  6. Update the TargetObjectID as noted above.
  7. Press the "Preview" button, you should see some results, as per the example image below.
    If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. 
    If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support 

  8. Under the "Columns" Tab, please use the configuration shown in the image below.

  9. Under the "Display Attributes" tab, you should select "Pie 2D". Please also apply these settings, however you can update the wording with what is best for you.
    • Under "Title and Axis Names"
      • Caption: Orphan Account Summary
      • Sub Caption: Recommendation: Try to reduce orphans and have all accounts assigned ownership

    • Under "Functional attributes"
      • Select "Animation" = ticked
      • "Palette" = 1
      • Select "Show Labels"  = ticked
      • Select "Show Values" = ticked

There are MANY other "display attributes" you can play with on this screen, so please update and make changes as you see fit. 

Next Steps

  • Please "hit reply" and share your feedback - we would love to see an image of this working in your environment!
  • Check out the other content found on the RSA IGL Recipes page: RSA Identity Governance & Lifecycle Recipes 


    Thank you! 


Dont forget:


Please login, then "Like"  and "Actions/Follow" this page (Top Right), so as to receive updates and be notified if we modify/change items found here, in future.