The following table lists the query items in the Account
Audit namespace.
Table 1. Query
items in the Account Audit namespace| Query subject |
Query items and their description |
|---|
| Account Audit |
- Audit Account Name
- The name of an account on which the audit action is performed.
- Audit Action
- The action that is performed
on an account. For example,
Add, Delete, Modify,
and ChangePassword.
- Audit
Comments
- The comments that are entered by the audit workflow
approver.
- Audit Account Business Unit
- The business unit of an account.
- Audit
Process Subject
- A user who is the owner of an account on which
the audit action
is performed.
- Audit Process Service Profile
- The profile type of a service to which an account belongs.
- Audit Process Subject Service
- The service
on which an account is provisioned.
- Audit
Initiator Name
- The name of a user who initiated the audit
action.
- Audit Process Requestee Name
- The name of an account owner.
- Audit Process
Recertifier Name
- The name of a user who approves the audit
process workflow.
- Audit Operation Start
Time
- The audit operation initiation date and time.
- Audit Activity Owner
- An owner who owns
the activity. For example,
An owner
name who approves the add request for the pending account.
- Audit Activity Name
- The name
of the audit activity.
- Audit Activity Start
Time
- The audit activity start date and time.
- Audit Activity Completion Time
- The audit activity
completion date and time.
- Audit Process
Submission Time
- The audit process submission date and time.
- Audit Process Schedule Time
- The date
and time at which an event is scheduled for execution.
- Audit Process Completion Time
- The audit process
completion date and time.
- Audit Activity
Result Summary
- The result of the activity within the account
audit process.
- Audit Process Result Summary
- The result of the account audit process.
|
| Account |
- Account Name
- The name
of an account on which the audit action is performed.
- Account Service Name
- The name of a service on
which the account is provisioned.
- Account
Status
- The account status. The valid values are
Active and Inactive.
- Account
Is Orphan
- Indicates whether an account is associated with
a user or not.
The valid values are
Yes and No. Yes represents
the account is orphaned, and No represents the account
is not orphaned.
- Account Compliance
- Indicates whether an account is compliant or not. The valid values
are
Compliant, Non compliant, Unknown,
and Disallowed.
- Account
Last Access Date
- The last accessed date and time of an account.
- Account Owner First Name
- The given
name of a user who is the owner of an account.
- Account Owner Last Name
- The surname of a user who is the
owner of an account.
- Account Dn
- An LDAP distinguished name for an account.
- Account Service DN
- An LDAP distinguished name for the service
to which an account
belongs.
- Account Owner Business Unit Dn
- An LDAP distinguished name for the business unit to which an account
owner belongs.
- Account Owner Dn
- An LDAP distinguished name for the account owner.
|
| Reconciliation
Audit |
- Reconciliation
User Name
- The name of a user to whom an account is associated
during the
reconciliation operation.
- Reconciliation
Account Name
- The name of the reconciled account.
- Reconciliation Processed Accounts
- The number
of processed accounts that exist during the last run
of reconciliation.
- Reconciliation TIM User
Accounts
- The number of processed accounts that belong to IBM
Security Identity
Manager users.
- Reconciliation Local Accounts
- The total number of local accounts created. It does not include
the newly created orphan accounts.
- Reconciliation
Policy Violations
- The number of policy violations that are
found for the accounts
during the reconciliation. This number includes:
- The accounts
where an attribute value is different from the local
account.
- Any attribute value of the account is not compliant
with the governing
provisioning policies.
It does not include the accounts where
the attribute values of
the local and remote accounts are same, even if the values are noncompliant.
- Reconciliation Start Time
- The reconciliation
operation initiation date and time.
- Reconciliation
Completion Time
- The reconciliation operation completion date
and time.
- Reconciliation Policy Compliance
Status
- The reconciliation completion status.
- Reconciliation Operation
- The operation that is
performed for the entry of the service instance.
The possible values for an account entry are
New Local, New
Orphan, Suspended Account, and Deprovisioned
Account.
- Reconciliation Requester
Name
- The name of an initiator who initiates the reconciliation
operation
on the account for a service.
|
| Provisioning Policy |
- Provisioning Policy Name
- The name of a provisioning policy through which an account is
provisioned on the service.
- Provisioning
Policy Dn
- An LDAP distinguished name for the provisioning
policy.
- Provisioning Policy Container Dn
- An LDAP distinguished name for the business unit to which the
provisioning policy applies.
- Provisioning
Policy Service Name
- The name of a service to which the provisioning
policy applies.
- Provisioning Policy Service
Type
- The profile type of a service to which the provisioning
policy
applies.
- Provisioning Policy Service Business
Unit Name
- The business unit of a service to which the provisioning
policy
applies.
|