SecurID® Governance & Lifecycle Recipes
RSA IGL Version: V 7.2.x
Modules: Governance
Product Area: Charts, Single Series (Applied to Active Directory Summary Dashboard)
Associated Dashboard & Report:
- RSA IGL Recipes : Dashboard - Active Directory (AD) Summary
- RSA IGL Recipes: Report - AD Group Summary
Time to apply: ~20 minutes
Summary
This chart provides key information about all AD Groups
The goal of this chart is to understand all AD groups and any potential risk they might pose.
The chart can be used by Admin/AD Teams to be get better visibility into the risk of groups, eg. any groups which dont have owners set.
This chart requires the key word: "addashboard" to be added within the description of the AD Account Collector.
This key word can be added to more than one Account Collector if required.
Other useful links
- RSA IGL Recipes - The 12 Dashboards of Christmas - Summary
- https://community.rsa.com/community/products/governance-and-lifecycle/exchange/recipes/blog/2019/11/06/reports-charts-dashboards-what-are-they-and-how-can-you-build-them
- Other Dashboards: Click here for more Dashboards
Example Image (Click to enlarge)
Key Notes
- This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk.
- If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
- If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
- Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.
Details
This chart includes a breakdown of the following key items when it comes to AD groups:
- Active Groups
- Never Reviewed Groups
- Empty Groups (No members)
- Groups without an Owner
The value are shown as a percentage, however if you move over the Pie chart, it will also show the exact value.
Chart SQL
First test this in your query tool (SQLDeveloper, Toad etc..)
(select --v3
t2.information,
case when t3.total is null then t2.total else t3.total end as Total
from
( --we need to list out all the values first, so that we can collect '0' values. otherwise it wouldnt show in the report
select distinct
'Active Groups' as Information,
cast(('0') as number) as total
from dual
union all
select distinct
'Never Reviewed Groups' as Information,
cast(('0') as number) as total
from dual
union all
select distinct
'Empty Groups' as Information,
cast(('0') as number) as total
from dual
union all
select distinct
'Groups Without Owner' as Information,
cast(('0') as number) as total
from dual
union all
select distinct
'''Admin'' Groups' as Information,
cast(('0') as number) as total
from dual
) t2
left outer join
(
select
*
from
(
select
'Active Groups' as Information,
count(id) as Total,
ADC_ID
from Avuser.V_ALL_GROUPS
where DELETION_DATE is null
group by ADC_ID
union all
select
'Never Reviewed Groups' as Information,
count(id) as Total,
ADC_ID
from Avuser.V_ALL_GROUPS
where LAST_REVIEWED_DATE is null
and DELETION_DATE is null
group by ADC_ID
union all
select distinct
'Empty Groups' as Information,
count(vAG.name) as Total,
vAG.ADC_ID
from Avuser.V_ALL_GROUPS vAG
left join
(select distinct
GROUP_ID
from avuser.V_GRP_MEMBERSHIPS vGM
) vGM
on vGM.GROUP_ID = vAG.id
where vGM.group_id is null
and vAG.DELETION_DATE is null
group by vAG.ADC_ID
union all
select
'Groups Without Owner' as Information,
count(id) as Total,
ADC_ID
from Avuser.V_ALL_GROUPS
where OWNER_ID is null
and DELETION_DATE is null
group by ADC_ID
union all
select
'''Admin'' Groups' as Information,
count(id) as Total,
ADC_ID
from Avuser.V_ALL_GROUPS
where DELETION_DATE is null
and lower(name) like '%admin%'
group by ADC_ID
) t1
left join avuser.V_DATA_COLLECTORS tDC
on tDC.id = t1.ADC_ID
where lower(tDC.DESCRIPTION) like '%addashboard%'
) t3
on t3.information = t2.information)
Example of the results:
Chart Implementation
- Log into RSA IGL as a user who can create charts. In my example, im using AveksaAdmin
- Go to "Reports" / "Charts"
- Select "+ Create Chart" button
- Under the "General Tab" add the following details:
- Name: AD Group Summary
- Description:
From RSA IGL Link Community. This chart displays a summary of all groups within Active Directory.
Note: This chart requires the key word: "addashboard" to be added within the description of the Account Collector.
- Type = Single Series Chart
- Under the "Query" Tab, copy the SQL from above.
- "Press the "Preview" button, you should see some results, as per the example image below.
If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first.
If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support - Under the "Columns" Tab, please use the configuration shown in the image below
- Under the "Display Attributes" tab, you should select "PIE 2D". Please also apply these settings, however you can update the wording with what is best for you.
- Under "Title and Axis Names"
- Caption: AD - Group Summary
- Sub Caption: NOTE: Run Tabular Report 'AD Group Summary' for full list of never reviewed groups, groups without owners or empty groups
- Under "Functional attributes"
- Palette: 1
- Select "Show percent values" = Ticked
- Select "Animation" = Ticked
There are MANY other "display attributes" you can play with on this screen, so please update and make changes as you see fit.
- Under "Title and Axis Names"
- Save the new chart
Next Steps
- Please "hit reply" and share your feedback - we would love to see an image of this working in your environment!
- Check out the other content found on the RSA IGL Recipes page: RSA Identity Governance & Lifecycle Recipes
Thank you!
Dont forget:
Please login, then "Like"
