Report administration

The IBM® Security Privileged Identity Manager solution supports the IBM Cognos® reporting framework for report generation.

Available reports

The reporting package includes the following reports:

Shared Access Entitlements by Owner Report: This report shows the credentials and credential pools that are owned by the selected owner.
Shared Access Entitlements by Role Report: This report shows the information about the credentials and credential pools that are entitled by the selected role.
Shared Access Entitlement Definition Report: This report shows the configuration information of Privileged IDs and the Shared Access Policies that are associated with these Privileged IDs.
Shared Access History Report: This report shows the history of actions that are performed on the shared credentials.
Single Sign-On Privileged ID Audit Report: This report provides a log history of check-out and check-in actions that are performed for each Privileged ID on the managed resource. This report also includes a subreport that is called User Activity Audit Report. With this subreport, you can play back the user session recording or view the terminal commands that the user executed on the managed resource.
Privileged Session Recorder Report: This report shows the history of activities that occurred in the Privileged Session Recorder console sorted by User Name. You can use this report to track and monitor the actions of the selected user in the Privileged Session Recorder console.

For more information about these reports, see Report descriptions and parameters.

Note: For the shared access reports, you must map the attributes to the entities before you can work with these reports. For more information about mapping the attributes, see Mapping the attributes and entities.

For BIRT-based shared access reports, see Tivoli Common Reporting.

Report data overview

Report data is staged through a data synchronization process. The process gathers data from the directory information store and prepares it for the reporting engine. You can run data synchronization on demand or scheduled it on a regular basis.

The generated reports are based on the most recent data synchronization, not on current data. Activities that occur after the last completed data synchronization are captured by the next data synchronization. Data in the reports is obtained from the database and the directory server.

To generate a report, you must synchronize data at least one time. The report data is based on the most recent data synchronization and is only as accurate as the report data from that synchronization.

For more information, see "Data synchronization" from the IBM Security Identity Manager Administration Guide, "Report administration" section.