Entitlement Optimization Browse entitlements

Use the views and filters in this window to see the activity level of entitlements, and the lineage of the entitlements.

Data is presented in the tab from the first Sunday after you enabled the feature. After the first Sunday, the activities are updated daily.

This information is useful for general entitlement investigation, and to further evaluate recommendations in the Recommendations report. The default view in this window is a bar chart of the datasources with the highest rates of unused privileges.

Entitlement browse shows all the entitlements of the data sources defined in the grdAPI that have extractEntitlement available. This is true if the activity collection is off, and if the user scope and object scopes are defined. You can always search and see the permissions of all the users.

The activity count field results are affected by the userScope parameter, as follows:

Typical investigations are:

To get more details on how a specific privilege is used, with full SQL, you can search for Data Activity (Investigate > Search for Data Activity), right-click the DB User or Source program in the Results Table, and select Full SQL by DB User.

Unused entitlements are typically one of:

To view entitlement usage on a specific service on a specific server:

  1. On the left side, select a server IP and service.
  2. Filter by one or more of: Name, Object Name.
  3. Optionally enter a Verb or date range.
Figure 1. Selecting entitlement criteriaSelecting entitlement criteria

The table presents the Grantee type, Grantee, Verb, Name, Activity count, and Lineage. A user can have multiple privilege lineages: explicit, or implicit, inherited from a parent role, or role hierarchy.