This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Recipes

SecurID Governance & Lifecycle recipes is a collection of items, to help you get the most out of your product deployment. For example, a useful report with the SQL to implement or a way to achieve some advanced rule processing.

RSA IGL Recipes: Chart - Application - Application Account Status

RSA IGL Version: V 7.2.x

Modules: Governance

Product Area: Charts, Single Series - Dynamic (Applied to Application Object Dashboard)

Associated Dashboard: RSA IGL Recipes : Dashboard - Application Summary 

Time to apply: ~30 minutes

Summary

This chart provides key information about the accounts for a selected application and their status. It is a dynamic chart, that has flexible configuration options, allowing you to decide how you want to show and group the data displayed. 

The goal of this chart is to understand if you have any risk, where accounts are still owned by "terminated" / "leaver" users. 

The chart can be used by application owners or the admin team to monitor accounts. 

This chart will only work when it is applied dynamically to the Application object dashboard.

Other useful links

 

Example Image (Click to enlarge)

pastedImage_1.png

 

Key Notes

  • This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk. 
  • If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
  • If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
    • Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.

 

Details

This chart includes the following key information, you can click the chart legend to show/hide results: 

  • Active Users = Accounts which are owned by an "active" user
  • Terminated and Deleted Users = Accounts owned by a user who is both "Terminated" and "Deleted"
  • Terminated Only Users = Accounts owned by a user who is only "Terminated"

 

Chart Dynamic Values

The following value needs to be used when creating the chart, however the value will update dynamically when used within the dashboard.

  • TargetObjectID: This is used dynamically within the application itself, the value will automatically be updated, whenever you view an application. When viewing the chart, you need to give it some value, so it can work against something. Please go to an application you have and find its "OID". Use this value in the TargetObjectID, so the chart has something to use. 

How to find an Example Target Object ID:

  • Go to Resources/Applications
  • Select any application (pick one that has multiple accounts and some orphans)
  • Once the application is open, look at the URL.
  • The value you want is found just after "OID=" and then before the "&"
  • In this example, the value we want is 14
    pastedImage_4.png

 

Chart SQL

First test this in your query tool (SQLDeveloper, Toad etc..)

 

 

 

(select 'Terminated and Deleted Users' as Information, count(distinct pA.NAME) as Total from avuser.PV_ACCOUNT pA left join avuser.PV_USER_ACCOUNT_MAPPING pUAM on pUAM.Account_id = pA.ID left join avuser.V_USERS pU on pU.ID = pUAM.User_ID where pA.application_id
    =:TargetObjectID and pA.deletion_date is null and pU.IS_DELETED = 1 and pU.IS_TERMINATED = 1 union all select 'Active Users' as Information, count(distinct pA.NAME) as Total from avuser.PV_ACCOUNT pA left join avuser.PV_USER_ACCOUNT_MAPPING pUAM on
    pUAM.Account_id = pA.ID left join avuser.V_USERS pU on pU.ID = pUAM.User_ID where pA.application_id =:TargetObjectID and pA.deletion_date is null and pU.IS_DELETED = 0 and pU.IS_TERMINATED = 0 union all select 'Terminated Only Users' as Information,
    count(distinct pA.NAME) as Total from avuser.PV_ACCOUNT pA left join avuser.PV_USER_ACCOUNT_MAPPING pUAM on pUAM.Account_id = pA.ID left join avuser.V_USERS pU on pU.ID = pUAM.User_ID where pA.application_id =:TargetObjectID and pA.deletion_date is
    null and pU.IS_DELETED = 0 and pU.IS_TERMINATED = 1 )‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

 

 

 

 

Example of the results:

pastedImage_5.png

 

 

Chart Implementation

  1. Log into RSA IGL as a user who can create charts. In my example, im using AveksaAdmin
  2. Go to "Reports" / "Charts"
  3. Select "+ Create Chart" button
    pastedImage_4.png
  4. Under the "General Tab" add the following details:
    • Name: Application - Account User Status
    • Description: From RSA IGL Link Community. This chart provides information on the status of the users are linked to accounts. The chart is dynamic and only works when applied within an "application" object dashboard.
    • Type = Single Series Chart
      pastedImage_6.png

  5. Under the "Query" Tab, copy the SQL from above
  6. Update the TargetObjectID  as noted above.
  7. Press the "Preview" button, you should see some results, as per the example image below.
    If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. 
    If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support 
    pastedImage_7.png

  8. Under the "Columns" Tab, please use the configuration shown in the image below.
    pastedImage_8.png

  9. Under the "Display Attributes" tab, you should select "Pie 2D". Please also apply these settings, however you can update the wording with what is best for you.
    • Under "Title and Axis Names"
      • Caption: User Status for Application Accounts
      • Sub Caption: Recommendation: Remove any accounts that are owned by Terminated/Deleted Users
        pastedImage_9.png

    • Under "Functional attributes"
      • Select "Animation" = ticked
      • "Palette" = 1
      • Select "Show Labels"  = ticked
      • Select "Show Values" = ticked
      • Select "Rotate labels" = ticked
        pastedImage_10.png

There are MANY other "display attributes" you can play with on this screen, so please update and make changes as you see fit. 

pastedImage_11.png

 

Next Steps

 

Dont forget:

 

Please login, then "Like"  and "Actions/Follow" this page (Top Right), so as to receive updates and be notified if we modify/change items found here, in future.

 

pastedImage_4.png

 

Labels (1)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎2022-08-03 09:19 AM
Updated by:
Administrator Administrator

Related Content

Article Dashboard
© 2023 RSA Security LLC or its affiliates. All rights reserved.