SecurID® Governance & Lifecycle Recipes
For reference, please see this content first, if you are not already familiar with Dashboards, Reports & Charts:
What are Dynamic reports/charts?
They are a very powerful way to use reports/charts within RSA IGL, to display information dynamically, saving time and effort in creating multiple reports/charts. They use 2 specific built-in parameters which are specified at query definition time and are automatically replaced at run-time with values set by the dashboard system layer.
The 2 built-in parameters include:
- :CurrentUserID — The value of this parameter is automatically replaced by the ID of the currently logged in user.
- This parameter can be used in any dashboard.
- :TargetObjectID — The target ID of the selected object.
- This parameter can only be used in object dashboards and is replaced by the selected object on that dashboard.
Note: Both these values are case sensitive!
Where can I find some examples of Dynamic reports/charts?
Please see the following RSA Link community, selecting the "Dashboards / Charts / Reports" Category:
RSA Identity Governance & Lifecycle Recipes
Using :CurrentUserID in a Query
:CurrentUserID is used to display charts and reports that are specific to the current user who is logged in.
This places an additional filter on the query and permits the customized display of report and chart data for the logged-in user.
For example, a query for a “My Subordinates” report that includes the CurrentUserID parameter would look like this:
select
last_name,
first_name,
supervisor_id
from avuser.pv_users
where supervisor_id = :CurrentUserID
At run-time the report would provide information about only those users who are subordinates of the supervisor.
Using this feature would allow you to create a single report/chart, that is then dynamically updated and shows data, based on who is logged in.
For example, you could create a chart to show the total orphan accounts for each application in the environment.
If you create this chart, it would show a lot of data and wouldn't useful to application owners overall. Each application owner really own cares about their own applications.
Obviously you don't want to create a separate report for each application owner, so instead we use this dynamic value, to create just 1 chart, which is then filtered by the application owner = logged in user.
Now, whenever an application owner logs into RSA IGL, they will only see the information for the application they own. Each app-owner will get a totally different report/chart.
select
Name,
Short_Desc,
Account_Count,
Orphaned_Account_Count
from avuser.pv_application
where business_owner = :CurrentUserID
Using :TargetObjectID in a Query
:TargetObjectID filters the results of a query based on selected target object.
The various "object dashboards" can be found under "admin/dashboards/Object Dashboards" and include the following, as shown in these images:
For example, a query for a chart showing the breakdown of "status" (maintain/revoke/none) for a review result.
select
state,
count(review_item_id) as Total
from avuser.PV_REVIEW_COMPONENT
where review_id = :TargetObjectID
group by state
At run-time the chart would provide the state information for each review result that is selected.
How to find an Example Target Object ID:
- Go to Review/Results
- Select any review (pick one that has been worked on, so there are some results)
- Once the review is open, look at the URL.
- The value you want is found just after "OID=" and then before the "&"
- In this example, the value we want is 25
Here is an example of a dynamic dashboard, for review results, as per this pack found here: RSA IGL Recipes : Dashboard - Review Results "Overview"
Whenever we click into each review, this summary dashboard will dynamically update to display chart information, as shown below. Only one set of
This first example shows us the "All User Access Review-4" with an ID of 20.
This second example, shows us a totally different review = "All User Access Review-7" with an ID of 25
