SecurID Governance & Lifecycle recipes is a collection of items, to help you get the most out of your product deployment. For example, a useful report with the SQL to implement or a way to achieve some advanced rule processing.
They are a very powerful way to use reports/charts within RSA IGL, to display information dynamically, saving time and effort in creating multiple reports/charts. They use 2 specific built-in parameters which are specified at query definition time and are automatically replaced at run-time with values set by the dashboard system layer.
The 2 built-in parameters include:
:CurrentUserID — The value of this parameter is automatically replaced by the ID of the currently logged in user.
This parameter can be used in any dashboard.
:TargetObjectID — The target ID of the selected object.
This parameter can only be used in object dashboards and is replaced by the selected object on that dashboard.
Note: Both these values are case sensitive!
Where can I find some examples of Dynamic reports/charts?
Please see the following RSA Link community, selecting the "Dashboards / Charts / Reports" Category:
:CurrentUserID is used to display charts and reports that are specific to the current user who is logged in.
This places an additional filter on the query and permits the customized display of report and chart data for the logged-in user. For example, a query for a “My Subordinates” report that includes the CurrentUserID parameter would look like this:
select last_name, first_name, supervisor_id from avuser.pv_users where supervisor_id = :CurrentUserID
At run-time the report would provide information about only those users who are subordinates of the supervisor.
Using this feature would allow you to create a single report/chart, that is then dynamically updated and shows data, based on who is logged in.
For example, you could create a chart to show the total orphan accounts for each application in the environment.
If you create this chart, it would show a lot of data and wouldn't useful to application owners overall. Each application owner really own cares about their own applications.
Obviously you don't want to create a separate report for each application owner, so instead we use this dynamic value, to create just 1 chart, which is then filtered by the application owner = logged in user.
Now, whenever an application owner logs into RSA IGL, they will only see the information for the application they own. Each app-owner will get a totally different report/chart.
select Name, Short_Desc, Account_Count, Orphaned_Account_Count from avuser.pv_application where business_owner = :CurrentUserID
Using :TargetObjectID in a Query
:TargetObjectID filters the results of a query based on selected target object.
The various "object dashboards" can be found under "admin/dashboards/Object Dashboards" and include the following, as shown in these images:
For example, a query for a chart showing the breakdown of "status" (maintain/revoke/none) for a review result.
select state, count(review_item_id)as Total from avuser.PV_REVIEW_COMPONENT where review_id = :TargetObjectID groupby state
At run-time the chart would provide the state information for each review result that is selected.
How to find an Example Target Object ID:
Go to Review/Results
Select any review (pick one that has been worked on, so there are some results)
Once the review is open, look at the URL.
The value you want is found just after "OID=" and then before the "&"