000036392 - How to interpret the RSA Identity Governance & Lifecycle User Access Review User Entitlement Coverage report.

How to interpret the RSA Identity Governance & Lifecycle User Access Review User Entitlement Coverage report

1. Create a review by selecting Reviews/Definitions from the menu and then clicking Create Review Definition.
2. Create a review of type User Access.
3. Edit the review and click Run Review to generate the review.
4. From the Results tab, view the results from the review.
5. Click the Application Coverage button within the User Access review to bring up the User Entitlement Coverage report.

The User Entitlement Coverage report is used byrReport administrators to validate what entitlements are and are not in the review.  Since the User Access review is user review, only entitlements related to users selected for the review are in the review.   Depending on what users are selected, only a subset of the entitlements for each application will be selected.

• The Total Ents in Review column shows how many entitlements are associated with users selected for the review.
• The Total Ents Not in Review column shows how many entitlements are associated with users that are not selected for the review.
• The Total Ents column shows the total entitlements for each application.
• The % Coverage is an indication of what percentage of entitlements for this application are reviewed.

The values in the Total Ents in Review and Total Ents Not in Review columns are hyperlinks.  If you click on these values it will provide more detail on what items are in each category.

Clicking on an Ents in Review item will bring up the report named User Entitlements which are part of the review for Specific Application.  This report shows the users that were selected for the review for each of the applications.

Clicking on an Ents Not in Review item will bring up the report named User Entitlements which are not part of the review for Specific Application.

The most common reason for Users to be listed on the User Entitlements which are not part of the review for Specific Application report is when these users are deleted users.  By default, deleted users are not part of the users selected for a report, but deleted users may still have application entitlements associated with them.  

If you wish to include deleted users on the report then you should enable the Include Deleted Users checkbox.  This is located on the User Selection tab on the Edit Review Definition page.