| Recertification Policy |
- Recertification Policy Name
- The name of the recertification policy.
- Recertification Policy Type
- The type of an entity that gets recertified by using this policy. The valid values are
User, Account, and Access.
- Recertification Policy Description
- The policy description as specified in the policy configuration.
- Recertification Policy Enabled
- Shows whether the policy is enabled or not.
- Recertification Policy Scheduled
- The recertification scheduling modes. The valid values are
CALENDAR and
ROLLING.
- Recertification Policy Rolling Interval in Days
- The recertification period if the recertification policy scheduling mode is
ROLLING. No value in this query item indicates that the scheduling is not in the
ROLLING mode.
- Recertification Policy Reject Action
- An action that is taken if the recertification is rejected.
- Recertification Policy Timeout Period in Days
- The duration during which a recertifier must act.
- Recertification Policy Timeout Action
- An automatic action that must be taken if the recertification times out.
- Recertification Policy DN
- An LDAP distinguished name for the recertification policy.
- Recertification Policy Container DN
- An LDAP distinguished name for a business unit to which the recertification policy applies.
- Recertification Policy Is Custom
- Represents whether the recertification policy is customized. It is defined in the workflow.
- Recertification Policy User Class
- The type of a user to which the recertification policy applies. The valid values are
All, Person, and Business Partner Person.
- Recertification Policy Scope
- Indicates whether the recertification policy applies to the business unit and its subunits or
either of them.
|
| Recertification Policy Schedule |
- Recertification Policy Detailed Schedule
- The recertification schedule in terms of the units of time.
Note: Do not use this
query item with Oracle database. This query item is supported only for DB2 database.
- Recertification Policy Schedule
- The schedule that automatically triggers the recertification policy. The query item represents
the schedule in the following format.
The schedule is specified in either of the following formats:
Minute Hours Month DayOfWeek DayOfMonth DayOfQuarter
DayOfSemiAnnual. For example, 0 0 0 0 -1 0 0.
Minute - Represents the time in minutes.Hours - Represents the time in hours. -1 indicates that
the recertification policy is applied every hour.Month - Represents the month for the recertification. 1
represents January, 2 represents February,
and so on. -1 indicates that the recertification policy is applied every
month.DaysOfWeek - Represents
the days of a week for a weekly schedule. 1 represents Sunday,
2 represents Monday. Multiple days of the week are separated
by |. A non 0 value indicated that the policy is applied weekly on the
specified days. This field applies only to a weekly schedule. If the total number of fields in the
schedule is 7, then this field is absent.DayOfWeek - Represents the day of a week. 1 represents
Sunday, 2 represents Monday, and so on. The
positive value indicates that policy is applied weekly on a specific day. -1
indicates that the recertification policy is not applied based on the day of a week.DayOfMonth - Represents the date. -1 indicates that the
recertification policy is applied daily.DayOfQuarter - Represents the number of days after the start of each quarter.
0 indicates that the policy is not applied quarterly.DayOfSemiAnnual - Represents the number of days after the start of each half
year. 0 indicates that the policy is not applied semi-annually.- The policy is applied annually if the value of
Month and
DayOfMonth is positive.
- Recertification Policy DN
- An LDAP distinguished name for the recertification policy.
|
| Policy Recertifier |
- Recertifier Type
- The type of the recertifier. The valid values and their meanings:
- Recertifier Name
- The name of a specific user, role, or group that is defined as an approver of the
recertification. When the recertification policy's recertifier is set to
User being
recertified, then the Recertifier Name is shown as a blank.
- Recert Policy Dn
- An LDAP distinguished name for the recertification policy.
|
| Recert Policy Business Unit |
- Business Unit Name
- The name of a business unit.
- Business Unit Supervisor
- The user supervisor of a business unit.
- Business Unit Dn
- An LDAP distinguished name for a business unit.
- Business Unit Container DN
- An LDAP distinguished name for the parent organization of a business unit entity.
|
| Recert Policy Role Target |
- Role Name
- The name of the role. If the policy applies to all the roles in a business unit, then
ALL ROLES WITHIN POLICY ORGANIZATION is displayed.
- Role Description
- The description of a role.
- Role Type
- The type of a role. The valid values are
Static and Dynamic.
The value of a role type is empty if the role name is mentioned as ALL ROLES WITHIN POLICY
ORGANIZATION.
- Role Business Unit Name
- The business unit to which the role belongs.
- Role Business Unit Supervisor
- The user supervisor of a business unit to which the role belongs.
- Role DN
- An LDAP distinguished name for the role.
- Role Business Unit DN
- An LDAP distinguished name for the business unit to which role belongs.
- Recert Policy Dn
- An LDAP distinguished name for the recertification policy.
|
| Recert Policy Access Target |
- Group Name
- The name for a group. If the policy applies to all the groups in an organization, then
ALL GROUPS WITHIN POLICY ORGANIZATION is displayed. If the policy applies to all
the groups for a service, then ALL GROUPS ON A SPECIFIED SERVICE is displayed.
- Group Description
- The description of a group.
- Group Type
- The profile type of a group.
- Group Access Name
- An access name that is defined for a group entity.
- Group Access Description
- The description of an access that is defined for a group entity.
- Group Access Type
- The type of an access that is defined for a group entity.
- Group Service Name
- The name of a service on which the group is provisioned.
- Group Dn
- An LDAP distinguished name for a group.
- Group Service DN
- An LDAP distinguished name for the service on which a group is provisioned.
- Group Container DN
- An LDAP distinguished name for an organization to which a group belongs.
- Group Service Container Dn
- An LDAP distinguished name for an organization of the service on which group is
provisioned.
- Recert Policy DN
- An LDAP distinguished name for the recertification policy.
|
| Recert Policy Access Owner |
- Group Dn
- An LDAP distinguished name for a group.
- Group Access Owner Dn
- An LDAP distinguished name for an access owner that is defined for a group entity.
- Group Access Owner Full Name
- Full name of an access owner that is defined for a group entity.
|
| Group Members |
- Account Name
- The name of an account that is associated with a credential.
- Account Service Dn
- An LDAP distinguished name for a service that provisions an account.
- Account Status
- The status of an account that indicates whether the account is active or inactive.
- Account Compliance
- The details about an account compliance. The valid values are
Unknown,
Compliant, Non Compliant, and Disallowed.
- Account Ownership Type
- The ownership type of the account. The valid values are
Individual,
System, Device, and Vendor.
- Account Last Access Date
- The last accessed date and time of an account.
- Account Container Dn
- An LDAP distinguished name for a business unit of an account.
|
| Recert Policy Account Target |
- Account Service Name
- The name of the service. If the policy applies to all the accounts in the service, then
ALL ACCOUNT WITHIN POLICY ORGANIZATION is displayed.
- Account Service Business Unit Name
- The name of the business unit to which a service belongs.
- Account Service Business Unit Supervisor
- A user supervisor of a business unit that is associated with the service.
- Account Service DN
- An LDAP distinguished name for the service.
- Account Service Description
- The description of a service.
- Account Service Business Unit DN
- An LDAP distinguished name for a business unit that is associated with the service.
- Account Service Type
- The profile type of the service.
- Account Service Owner DN
- An LDAP distinguished name for an owner of the service.
- Account Service Url
- A URL that connects to the service.
- Recert Policy DN
- An LDAP distinguished name for the recertification policy.
|
| Account |
- Account Name
- The name of an account that is associated with a credential.
- Account Service Dn
- An LDAP distinguished name for a service that provisions an account.
- Account Status
- The status of an account that indicates whether the account is active or inactive.
- Account Compliance
- The details about an account compliance. The valid values are
Unknown,
Compliant, Non Compliant, and Disallowed.
- Account Ownership Type
- The ownership type of the account. The valid values are
Individual,
System, Device, and Vendor.
- Account Last Access Date
- The last accessed date and time of an account.
- Account Container Dn
- An LDAP distinguished name for a business unit of an account.
|
| Person |
- Person Full Name
- The full name of a user.
- Person Last Name
- The surname of a user.
- Person Status
- The status of a user.
- Person Dn
- An LDAP distinguished name for a user entity.
- Person Business Unit Dn
- An LDAP distinguished name for a business unit to a user entity.
- Person Supervisor
- The name of a user for the supervisor of a user entity.
|
| Account Owner |
- Person Full Name
- The full name of a user who owns an account.
- Person Last Name
- The surname of a user who owns an account.
- Person Status
- The status of a user.
- Person Dn
- An LDAP distinguished name for a user entity.
- Person Business Unit Dn
- An LDAP distinguished name for a business unit to a user entity.
- Person Supervisor
- The name of a user for the supervisor of a user entity.
|