Account |
- Account Name
- The name of an account.
- Account Status
- An account status. The valid values are Active and Inactive.
- Account Compliance
- Indicates whether an account is compliant or not. The valid values are Unknown, Compliant, Non Compliant, and Disallowed.
- Account Ownership Type
- The type of the account ownership. The valid values are Device, Individual, System, and Vendor.
- Account Last Access Date
- The last accessed date and time of an account.
- Account Service Name
- The name of a service in which the account is located.
- Account Dn
- An LDAP distinguished name for an account.
- Account Container Dn
- An LDAP distinguished name for a business unit to which an account belongs.
- Account Service Dn
- An LDAP distinguished name for a service to which the accounts belong.
- Account Service Container DN
- An LDAP distinguished name for a business unit of a service that is associated with the accounts.
- Account Service Url
- A URL that connects to a managed resource.
- Account Service Type
- The service profile type.
|
Account Owner |
- Person Full Name
- The full name of a user who owns an account.
- Person Last Name
- The surname of a user who owns an account.
- Person Dn
- An LDAP distinguished name for an account owner.
- Person Business Unit Dn
- An LDAP distinguished name for the business unit to which an account owner belongs.
- Person Supervisor
- The user supervisor of the account owner.
|
Account Owner Role Membership |
- Role Name
- The name of a role.
- Role Type
- The type of a role. The valid values are Static and Dynamic.
- Role Dn
- An LDAP distinguished name for a role.
- Role Container DN
- An LDAP distinguished name for the business unit that is associated with a role.
|
Group |
- Group Name
- The name of a group for which an access is defined.
- Group Type
- The profile type of a group.
- Group Access Name
- The name of the access that is defined for a group.
- Group Access Type
- The type of the access that is defined for a group.
- Group Supervisor
- An LDAP distinguished name for a group supervisor.
- Group DN
- An LDAP distinguished name for a group to which an access is defined.
- Group Container Dn
- An LDAP distinguished name for the business unit that is associated with a group.
- Group Service Dn
- An LDAP distinguished name for the service that is associated with a group.
|
Service Business Unit |
- Business Unit Name
- The name of the business unit to which a user belongs.
- Business Unit Supervisor
- The user supervisor of the business unit.
- Business Unit Dn
- An LDAP distinguished name for the business unit to which a user belongs.
- Business Unit Container Dn
- An LDAP distinguished name for the parent business unit of an organization entity.
|
Credential |
- Credential Name
- The name of a shared credential.
- Credential Policy Name
- The name of a policy that provides the entitlements for a credential.
- Credential Description
- Describes a credential as specified in the credential configuration.
- Credential Is Exclusive
- Indicates whether the credential is exclusive or not. 0 represents Yes, and 1 represents No.
- Credential Pool Use Global Settings
- A flag that indicates whether a credential pool uses the shared access global settings. 0 represents Uses global settings, and 1 represents Does not use global settings.
- Credential Is Searchable
- Indicates whether a credential is searchable or not. 0 represents Can be searched, and 1 represents cannot be searched.
- Credential Is Password Viewable
- Specifies whether a user can view the password on a credential. 0 represents password is viewable, and 1 represents password is not viewable.
- Credential Reset Password
- Indicates whether the password of a credential is regenerated on every check-in action. 0 represents Yes, and 1 represents No.
- Credential MAX Checkout Time
- The maximum allowed check-out duration for the credential in hours.
- Credential Service Name
- The name of a service to which the credential is provisioned.
- Credential Service Business Unit Name
- The name of the business unit to which the credential service belongs.
- Credential Dn
- An LDAP distinguished name for a credential.
- Credential Service Dn
- An LDAP distinguished name for the service on which a credential is provisioned.
- Credential Service Business Unit Dn
- An LDAP distinguished name for the business unit of a credential service.
- Credential Shared Access Member Role Dn
- An LDAP distinguished name for the role that is a member of the shared access policy that provides entitlement for the credential.
- Credential Shared Access Policy Id
- A unique numeric identifier that is assigned to the policy by IBM Verify Identity Governance.
|
Credential Pool |
- Credential Pool Name
- The name of the credential pool.
- Credential Pool Policy Name
- The name of a policy that provides the entitlements for the credential pool.
- Credential Pool Service Name
- The name of the service on which the groups corresponding to the credential pool are provisioned.
- Credential Pool Service Business Unit Name
- The name of the business unit to which the credential pool service belongs.
- Credential Pool Group Name
- The name of the group corresponding to the credential pool.
- Credential Pool Dn
- An LDAP distinguished name for the credential pool.
- Credential Pool Service Dn
- An LDAP distinguished name for the service on which the groups corresponding to the credential pool are provisioned.
- Credential Pool Business Unit Dn
- An LDAP distinguished name for the business unit of a credential pool service.
- Credential Pool Shared Access Member Role Dn
- An LDAP distinguished name for the role that is a member of the shared access policy that provides entitlement for the credential pool.
- Credential Pool Shared Access Policy Id
- A unique numeric identifier that is assigned to the policy by IBM Verify Identity Governance system.
|
Account ACI |
- ACI Name
- The name of an ACI.
- ACI Business Unit Name
- The name of a business unit to which an ACI applies.
- ACI Protection Category
- The category of an entity that is protected by an ACI. The value of this item must be Account.
- ACI Target
- The type of selected protection category that is associated with an ACI. The valid values and their meanings:
erAccountItem - All types of accounts.
erLDAPUserAccount - LDAP accounts.
erPosixAixAccount - POSIX AIX accounts.
erPosixHpuxAccount - POSIX HP-UX accounts.
erPosixLinuxAccount - POSIX Linux accounts.
erPosixSolarisAccount - POSIX Solaris accounts.
- ACI scope
- The scope of an ACI. It determines whether an ACI applies to subunits of a business organization or not. The valid values and their meanings:
single - The policy applies to a business unit and not its subunits.
subtree - The policy applies to the subunits of a business organization.
- ACI Member Name
- The members who are governed by an ACI. The valid values are:
All users in the system.
The account owner.
The manager of the account owner.
The owner of the service that the account resides on.
The owner of any access defined on the service that the account resides on.
The sponsor of the business partner organization in which the account resides.
The administrator of the domain in which the account resides.
- ACI System Group Name
- Represents the name of the group whose members are governed by an ACI.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit.
- ACI System Group Dn
- An LDAP distinguished name for a system group.
|
ACI Operations |
- ACI Operation Name
- The name of an operation that is governed by an ACI.
- ACI Operation Permission
- The permission applicable on an ACI operation. The valid values are grant, deny, and none.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit.
|
ACI Attribute Permissions |
- ACI Attribute Name
- The name of an LDAP attribute on which the permissions are controlled by an ACI.
- ACI Attribute Operation
- The name of the operation that can be run on an attribute. The valid values are r for read operation, w for write operation, and rw for read and write operations.
- ACI Attribute Permission
- The permission applicable on an ACI operation. The valid values are grant and deny.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit.
|
Identity Policy |
- Identity Policy Name
- The name of an identity policy.
- Identity Policy Scope
- The scope of an identity policy. It determines whether the policy applies to the subunits of a business organization or not. The valid values and their meanings:
single - The policy applies to a business unit and not its subunits.
subtree - The policy applies to the subunits of a business organization.
- Identity Policy Enabled
- Shows whether or not the policy is enabled.
- Identity Policy User Class
- The type of a user for which the policy applies. The valid values are Person and Business Partner Person.
- Identity Policy Target Type
- Determines the type of the service within the policy business unit on which the identity policy is applied. The valid values and their meanings:
All Services - All the defined services.
Specific Service - The services that are explicitly added by a user.
PosixLinuxProfile - All the services of type POSIX Linux profile.
LdapProfile - All the services of type LDAP profile.
PosixAixProfile - All the services of type POSIX AIX profile.
PosixSolarisProfile - All the services of type POSIX Solaris profile.
PosixHpuxProfile - All the services of type POSIX HP_UX Profile.
ITIM Service - Default service that is used for IBM Verify Identity Governance accounts.
- Identity Policy Dn
- An LDAP distinguished name for the identity policy.
- Identity Policy Target Dn
- An LDAP distinguished name for the service on which the identity policy is applied.
- Identity Policy Container Dn
- An LDAP distinguished name for the business unit where the identity policy is located.
|
Provisioning Policy |
- Provisioning Policy Name
- The name of a provisioning policy.
- Provisioning Policy Member Name
- The name of the entities that are provisioned by a policy. The valid values are:
All users in the organization
All other users who are not granted to the entitlement(s) defined by this provisioning policy via other policies.
- Provisioning Policy Dn
- An LDAP distinguished name for the provisioning policy.
- Provisioning Policy Container Dn
- An LDAP distinguished name for a business unit to which the provisioning policy applies.
|
Recertification Policy |
- Recertification Policy Name
- The name of the recertification policy.
- Recertification Policy Type
- The type of an entity that gets recertified by the policy. The valid values are Account, Access, and Identity.
- Recertification Policy Description
- Describes the policy as specified in the policy configuration.
- Recertification Policy Enabled
- Shows whether or not the policy is enabled.
- Recertification Policy Scheduling Mode
- The recertification scheduling modes. The valid values are CALENDAR and ROLLING.
- Recertification Policy Rolling Interval
- The recertification period if the recertification policy scheduling mode is ROLLING. No value in this query item indicates that the scheduling is not in the ROLLING mode.
- Recertification Policy Reject Action
- An action that is taken if the recertification is rejected.
- Recertification Policy Timeout Period in Days
- The duration during which the recertifier must act.
- Recertification Policy Timeout Action
- An automatic action that must be taken if the recertification times out.
- Recertification Policy DN
- An LDAP distinguished name for the recertification policy.
- Recertification Policy Container DN
- An LDAP distinguished name for a business unit to which the recertification policy applies.
- Recertification Policy IsCustom
- Indicates whether this recertification policy is customized. It is defined in a workflow.
- Recertification Policy User Class
- The type of user to which the recertification policy applies. The valid values are All, Person, and Business Partner Person.
|
Password Policy |
- Password Policy Name
- The name of a password policy.
- Password Policy Scope
- The scope of a password policy. It determines whether the policy applies to subunits of a business organization or not. The valid values and their meanings:
single - The policy applies to a business unit and not its subunits.
subtree - The policy applies to the subunits of a business organization.
- Password Policy Enabled
- Shows whether or not the policy is enabled.
- Password Policy Target Type
- Determines the type of a service within the policy business unit on which the password policy is applied. The valid values are:
All Services - All the defined services.
Specific Service - The services that are explicitly added by a user.
PosixLinuxProfile - All the services of type POSIX Linux profile.
LdapProfile - All the services of type LDAP profile.
PosixAixProfile - All the services of type POSIX AIX profile.
PosixSolarisProfile - All the services of type POSIX Solaris profile.
PosixHpuxProfile - All the services of type POSIX HP_UX Profile.
ITIMService - Default service that is used for IBM Verify Identity Governance accounts.
- Password Policy Dn
- An LDAP distinguished name for the password policy.
- Password Policy Target Dn
- An LDAP distinguished name for the service on which the password policy is applied.
- Password Policy Container Dn
- An LDAP distinguished name for the business unit where the identity policy is located.
|