Is it not possible to print out the result of a completed review?
I need to show it to the IT audit Team.
You can create a report that would contain the status data you need around reviews and export it to whatever format you want. What do you exactly want to show your audit team there around review completions? Is it high level updates around what review runs were completed and what weren't? or do you need lower level details on what components were reviewed (maintained/revoked) inside each review run?
also, you can save it from review itself if you need
then print that file
However, as per Ahmed comments, what is it that Audit needs?I would have thought that as soon as you save/print something its
1) out of date
2) open to have been edited?
Giving the audit team read only access to see the results from Reviews, seems like a better/easier options overall maybe?
Thank you for taking time to answer my question.
I need lower level details, so I can pull a report of users for a specific entitlement.
Ex. I need to get a detailed report of all users who have the Admin role, and what the reviewer did (maintain, revoke, etc.)
I tried to give the audit team access, but they are not technical at all, so they didn't understand what the saw. So they would rather have a report printed out.
So the following query mainly gets you details around the latest reviewed state on the access item for all users, who is being reviewed on the item, who reviewed it and the reviewer actions taken on the item. The following query will also prompt you to enter an entitlement/role name.
SELECT e.entitlement_name AS entitlement_name, e.ent_types AS entitlement_type, CASE WHEN rc.last_reviewed_item_state = 'Revoke' THEN 'Reviewer Action: Revoked' WHEN rc.last_reviewed_item_state = 'Maintain' THEN 'Reviewer Action: Maintained' ELSE 'Not Reviewed' END AS last_review_item_state, rc.last_item_reviewed_date AS last_item_reviewed_date, meu_rvwer.last_name || ', ' || meu_rvwer.first_name AS reivewer_full_name, meu_rvwer.user_id AS reviewer_user_id, meu_rvwee.last_name || ', ' || meu_rvwee.first_name AS reviewee_full_name, meu_rvwee.user_id AS reviewee_user_id, r.name AS reviewed_in_review_nameFROM pv_user_last_review_component rc JOIN pv_review r ON r.id = rc.last_review_id JOIN v_unified_ents e ON e.id = rc.last_review_item_id JOIN pv_users meu_rvwee ON meu_rvwee.id = rc.last_reviewee_id JOIN pv_users meu_rvwer ON meu_rvwer.id = rc.last_item_reviewed_byWHERE r.review_type = 'User' AND r.category = 'Access Review' AND e.entitlement_name like :ENT_OR_ROLE_NAME;
If you want to just hardcode the ent/role name with each query run, you can replace the last line of the above query with:
AND e.entitlement_name =<ENTITLEMENT_OR_ROLE_NAME> ;
<ENTITLEMENT_OR_ROLE_NAME> is to be replaced with an actual name.
After you validate the results coming from the query, you can create a report with it. The Report by default will create a field on the left for the first query since it contains a variable where you can input the variable value on the report side, save & run it. Whenever you want to change the value of the ent/role name, you will need to edit the report > head to the query section > edit the variable field value on the right > save & run. You can of course export the report run to whatever format you like that IG&L's report engine provides (xlsx, pdf, csv, etc..) if you going to manually run the report, or you can even schedule the report to run and get the attachment sent in the desired report format via mail the designated recipients if you configure that in the report definition accordingly.
I hope this fits well with your requirement there.
Retrieving data ...