The following table lists the query items in the Account
Audit namespace.
Table 1. Query items in the Account Audit namespace
| Query subject |
Query items and their description |
| Account Audit |
- Audit Account Name
- The name of an account on which the audit action is performed.
- Audit Action
- The action that is performed on an account. For example,
Add, Delete, Modify,
and ChangePassword.
- Audit Comments
- The comments that are entered by the audit workflow approver.
- Audit Account Business Unit
- The business unit of an account.
- Audit Process Subject
- A user who is the owner of an account on which the audit action
is performed.
- Audit Process Service Profile
- The profile type of a service to which an account belongs.
- Audit Process Subject Service
- The service on which an account is provisioned.
- Audit Initiator Name
- The name of a user who initiated the audit action.
- Audit Process Requestee Name
- The name of an account owner.
- Audit Process Recertifier Name
- The name of a user who approves the audit process workflow.
- Audit Operation Start Time
- The audit operation initiation date and time.
- Audit Activity Owner
- An owner who owns the activity. For example,
An owner
name who approves the add request for the pending account.
- Audit Activity Name
- The name of the audit activity.
- Audit Activity Start Time
- The audit activity start date and time.
- Audit Activity Completion Time
- The audit activity completion date and time.
- Audit Process Submission Time
- The audit process submission date and time.
- Audit Process Schedule Time
- The date and time at which an event is scheduled for execution.
- Audit Process Completion Time
- The audit process completion date and time.
- Audit Activity Result Summary
- The result of the activity within the account audit process.
- Audit Process Result Summary
- The result of the account audit process.
|
| Account |
- Account Name
- The name of an account on which the audit action is performed.
- Account Service Name
- The name of a service on which the account is provisioned.
- Account Status
- The account status. The valid values are
Active and Inactive.
- Account Is Orphan
- Indicates whether an account is associated with a user or not.
The valid values are
Yes and No. Yes represents
the account is orphaned, and No represents the account
is not orphaned.
- Account Compliance
- Indicates whether an account is compliant or not. The valid values
are
Compliant, Non compliant, Unknown,
and Disallowed.
- Account Last Access Date
- The last accessed date and time of an account.
- Account Owner First Name
- The given name of a user who is the owner of an account.
- Account Owner Last Name
- The surname of a user who is the owner of an account.
- Account Dn
- An LDAP distinguished name for an account.
- Account Service DN
- An LDAP distinguished name for the service to which an account
belongs.
- Account Owner Business Unit Dn
- An LDAP distinguished name for the business unit to which an account
owner belongs.
- Account Owner Dn
- An LDAP distinguished name for the account owner.
|
| Reconciliation Audit |
- Reconciliation User Name
- The name of a user to whom an account is associated during the
reconciliation operation.
- Reconciliation Account Name
- The name of the reconciled account.
- Reconciliation Processed Accounts
- The number of processed accounts that exist during the last run
of reconciliation.
- Reconciliation TIM User Accounts
- The number of processed accounts that belong to IBM Verify Identity Governance users.
- Reconciliation Local Accounts
- The total number of local accounts created. It does not include
the newly created orphan accounts.
- Reconciliation Policy Violations
- The number of policy violations that are found for the accounts
during the reconciliation. This number includes:
- The accounts where an attribute value is different from the local
account.
- Any attribute value of the account is not compliant with the governing
provisioning policies.
It does not include the accounts where the attribute values of
the local and remote accounts are same, even if the values are noncompliant.
- Reconciliation Start Time
- The reconciliation operation initiation date and time.
- Reconciliation Completion Time
- The reconciliation operation completion date and time.
- Reconciliation Policy Compliance Status
- The reconciliation completion status.
- Reconciliation Operation
- The operation that is performed for the entry of the service instance.
The possible values for an account entry are
New Local, New
Orphan, Suspended Account, and Deprovisioned
Account.
- Reconciliation Requester Name
- The name of an initiator who initiates the reconciliation operation
on the account for a service.
|
| Provisioning Policy |
- Provisioning Policy Name
- The name of a provisioning policy through which an account is
provisioned on the service.
- Provisioning Policy Dn
- An LDAP distinguished name for the provisioning policy.
- Provisioning Policy Container Dn
- An LDAP distinguished name for the business unit to which the
provisioning policy applies.
- Provisioning Policy Service Name
- The name of a service to which the provisioning policy applies.
- Provisioning Policy Service Type
- The profile type of a service to which the provisioning policy
applies.
- Provisioning Policy Service Business Unit Name
- The business unit of a service to which the provisioning policy
applies.
|