RSA IGL Version: V 7.2.x

Modules: Governance

Product Area: Charts, Single Series (Applied to Active Directory Summary Dashboard)

Associated Dashboard & Report:

• RSA IGL Recipes : Dashboard - Active Directory (AD) Summary 
• https://community.rsa.com/docs/DOC-115205 

Time to apply: ~20 minutes

Summary

This chart provides key information flagged AD "Admin" Groups. 

The goal of this chart is to understand who has access to admin groups. 

The chart can be used by Admin/AD Teams to monitor the access to key "admin" group in AD. 

This chart requires the key word: "addashboard" to be added within the description of the AD Account Collector. 
This key word can be added to more than one Account Collector if required.

Other useful links

• RSA IGL Recipes - The 12 Dashboards of Christmas - Summary 
• https://community.rsa.com/community/products/governance-and-lifecycle/exchange/recipes/blog/2019/11/06/reports-charts-dashboards-what-are-they-and-how-can-you-build-them 
• Other Dashboards: Click here for more Dashboards 

Example Image (Click to enlarge)

Key Notes

• This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk. 
• This chart has an associated report, please ensure you create this too.
• The SQL for this chart looks for any groups that have the custom attibute "Classification", flagged as "Admin" - to do this see the below 2 steps.
• This Chart requires a new "Custom Values" list to be created. Go to "Admin" / "Attributes" / "Customer Values" 
  
• This chart requires a new "Classification" attribute created at the group level:
  
  
• Once this is applied, you can edit groups to set them to be "Admin" Groups. This is recommended for groups like "Domain Admins" etc..
• If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
• If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
  • Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.

Details

This chart includes a breakdown of all the different accounts within AD and if they are associatd to an active or "leaver" user. 

The value are shown as a percentage, however if you move over the Pie chart, it will also show the exact value.

Chart SQL

First test this in your query tool (SQLDeveloper, Toad etc..)

(SELECT
GROUPNAME,
TOTALMEMBERS
FROM
(
select --v3
	GroupName,
	case when t1.TotalMembers is null then CAST('0' AS number(20)) 
		else t1.TotalMembers
	end as TotalMembers
from avuser.V_ALL_GROUPS vAG
left join -- Counts total members
	( 
	select distinct
			vAG.Name AS GroupName,
			CAS3 AS ExternalId,
			count(*) as TotalMembers
		from avuser.V_ALL_GROUPS vAG
		left join avuser.V_GRP_MEMBERSHIPS vGM
			on vGM.GROUP_ID = vAG.id
		left join avuser.V_DATA_COLLECTORS vDC
			on vDC.id = vAG.adc_id
		where vAG.DELETION_DATE is null
			and lower(vDC.DESCRIPTION) like '%addashboard%' 
			and vAG.cas4 = 'Admin'
		group by vAG.Name, cas3
	) t1
	on t1.GroupName = vAG.name
left join avuser.V_DATA_COLLECTORS vDC
	on vDC.id = vAG.adc_id
where vAG.DELETION_DATE is null
	and lower(vDC.DESCRIPTION) like '%addashboard%' 
	and vAG.cas4 = 'Admin'
order by GROUPNAME ASC))‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Example of the results:

Chart Implementation

1. Log into RSA IGL as a user who can create charts. In my example, im using AveksaAdmin
2. Go to "Reports" / "Charts"
3. Select "+ Create Chart" button
   
4. Under the "General Tab" add the following details:
   • Name: AD Admin Groups
   • Description:

     From RSA IGL Link Community. This chart displays all groups flagged as Classification = "admin" and their total members.

     Note: This chart requires the key word: "addashboard" to be added within the description of the Account Collector.

   • Type = Single Series Chart
     
     
     
5. Under the "Query" Tab, copy the SQL from above.
6. "Press the "Preview" button, you should see some results, as per the example image below.
   

   If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. 
   If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support 

   
   
   
7. Under the "Columns" Tab, please use the configuration shown in the image below
   
   
   
8. Under the "Display Attributes" tab, you should select "Column 3D". Please also apply these settings, however you can update the wording with what is best for you.
   
   • Under "Title and Axis Names"
     • Caption: AD - Admin Groups
     • Sub Caption: NOTE: Run Tabular Report 'AD Admin Group Members' for full list of Admin group membership
       
       
       
   • Under "Functional attributes"
     • Palette: 1
     • Select "Animation" = Ticked
     • Rotate Labels: Ticked
     • Label Display: WRAP
     • Slant Labels: Ticked
       
       
       

       There are MANY other "display attributes" you can play with on this screen, so please update and make changes as you see fit. 

9. Save the new chart

Next Steps

• Please "hit reply" and share your feedback - we would love to see an image of this working in your environment!
• Check out the other content found on the RSA IGL Recipes page: RSA Identity Governance & Lifecycle Recipes 

  

  Thank you! 

  

Dont forget:
Please login, then "Like"  and "Actions/Follow" this page (Top Right), so as to receive updates and be notified if we modify/change items found here, in future.