| Recertification Policy |
- Recertification Policy Name
- The name of the recertification policy.
- Recertification Policy Type
- The type of an entity that gets
recertified by using this policy.
The valid values are
User, Account,
and Access.
- Recertification
Policy Description
- The policy description as specified in
the policy configuration.
- Recertification
Policy Enabled
- Shows whether the policy is enabled or not.
- Recertification Policy Scheduled
- The
recertification scheduling modes. The valid values are
CALENDAR and ROLLING.
- Recertification
Policy Rolling Interval in Days
- The recertification period
if the recertification policy scheduling
mode is
ROLLING. No value in this query item indicates
that the scheduling is not in the ROLLING mode.
- Recertification Policy Reject Action
- An action that is taken if the recertification is rejected.
- Recertification Policy Timeout Period in Days
- The duration during which a recertifier must act.
- Recertification Policy Timeout Action
- An automatic
action that must be taken if the recertification
times out.
- Recertification Policy DN
- An LDAP distinguished name for the recertification policy.
- Recertification Policy Container DN
- An LDAP distinguished name for a business unit to which the recertification
policy applies.
- Recertification Policy
Is Custom
- Represents whether the recertification policy is
customized. It
is defined in the workflow.
- Recertification
Policy User Class
- The type of a user to which the recertification
policy applies.
The valid values are
All, Person,
and Business Partner Person.
- Recertification Policy Scope
- Indicates whether the recertification
policy applies to the business
unit and its subunits or either of them.
|
| Recertification Policy
Schedule |
- Recertification Policy Detailed Schedule
- The recertification
schedule in terms of the units of time.
Note: Do not
use this query item with Oracle database. This
query item is supported only for DB2 database.
- Recertification Policy Schedule
- The schedule
that automatically triggers the recertification policy.
The query item represents the schedule in the numeric format. The
format of the schedule is
Minute Hours Month DayOfWeek DayOfMonth
DayOfQuarter DayOfSemiAnnual. For example, 0 0 0
0 -1 0 0.Minute - Represents the
time in minutes.Hours - Represents the time
in hours. -1 indicates
that the recertification policy is applied every hour.Month - Represents the month for the recertification. 1 represents January, 2 represents February,
and so on. -1 indicates that the recertification
policy is applied every month.DayOfWeek -
Represents the day of a week. 1 represents Sunday, 2 represents Monday,
and so on. The positive value indicates that policy is applied weekly
on a specific day. -1 indicates that the recertification
policy is not applied based on the day of a week.DayOfMonth - Represents the date. -1 indicates
that the recertification policy is applied daily.DayOfQuarter - Represents the number of days
after the start of each quarter. 0 indicates
that the policy is not applied quarterly.DayOfSemiAnnual - Represents the number of days
after the start of each half year. 0 indicates
that the policy is not applied semi-annually.- The policy is
applied annually if the value of
Month and DayOfMonth is
positive.
- Recertification Policy
DN
- An LDAP distinguished name for the recertification policy.
|
| Policy Recertifier |
- Recertifier Type
- The type of the recertifier.
The valid values and their meanings:
- Recertifier Name
- The name
of a specific user, role, or group that is defined as
an approver of the recertification. When the recertification policy's
recertifier is set to
User being recertified, then
the Recertifier Name is shown as a blank.
- Recert Policy Dn
- An LDAP distinguished
name for the recertification policy.
|
| Recert Policy Business Unit |
- Business Unit Name
- The name of a business unit.
- Business
Unit Supervisor
- The user supervisor of a business unit.
- Business Unit Dn
- An LDAP distinguished
name for a business unit.
- Business Unit
Container DN
- An LDAP distinguished name for the parent organization
of a business
unit entity.
|
| Recert Policy Role Target |
- Role Name
- The name of the
role. If the policy applies to all the roles in
a business unit, then
ALL ROLES WITHIN POLICY ORGANIZATION is
displayed.
- Role Description
- The description of a role.
- Role Type
- The type of a role. The valid values are
Static and Dynamic.
The value of a role type is empty if the role name is mentioned as ALL
ROLES WITHIN POLICY ORGANIZATION.
- Role Business Unit Name
- The business unit to which the role
belongs.
- Role Business Unit Supervisor
- The user supervisor of a business unit to which the role belongs.
- Role DN
- An LDAP distinguished name
for the role.
- Role Business Unit DN
- An LDAP distinguished name for the business unit to which role
belongs.
- Recert Policy Dn
- An LDAP
distinguished name for the recertification policy.
|
| Recert Policy
Access Target |
- Group Name
- The name for a group. If the policy applies to
all the groups
in an organization, then
ALL GROUPS WITHIN POLICY ORGANIZATION is
displayed. If the policy applies to all the groups for a service,
then ALL GROUPS ON A SPECIFIED SERVICE is displayed.
- Group Description
- The
description of a group.
- Group Type
- The profile type of a group.
- Group Access
Name
- An access name that is defined for a group entity.
- Group Access Description
- The description
of an access that is defined for a group entity.
- Group Access Type
- The type of an access that is defined
for a group entity.
- Group Service Name
- The name of a service on which the group is provisioned.
- Group Dn
- An LDAP distinguished name
for a group.
- Group Service DN
- An
LDAP distinguished name for the service on which a group is
provisioned.
- Group Container DN
- An LDAP distinguished name for an organization to which a group
belongs.
- Group Service Container Dn
- An LDAP distinguished name for an organization of the service
on which group is provisioned.
- Recert Policy
DN
- An LDAP distinguished name for the recertification policy.
|
| Recert Policy Access
Owner |
- Group Dn
- An LDAP distinguished name for a group.
- Group Access Owner Dn
- An LDAP distinguished
name for an access owner that is defined
for a group entity.
- Group Access Owner
Full Name
- Full name of an access owner that is defined for
a group entity.
|
| Group Members |
- Account Name
- The name of an
account that is associated with a credential.
- Account Service Dn
- An LDAP distinguished name for a service
that provisions an account.
- Account Status
- The status of an account that indicates whether the account is
active or inactive.
- Account Compliance
- The details about an account compliance. The valid values are
Unknown, Compliant, Non
Compliant, and Disallowed.
- Account Ownership Type
- The ownership type of
the account. The valid values are
Individual, System, Device,
and Vendor.
- Account Last
Access Date
- The last accessed date and time of an account.
- Account Container Dn
- An LDAP distinguished
name for a business unit of an account.
|
| Recert Policy Account
Target |
- Account
Service Name
- The name of the service. If the policy applies
to all the accounts
in the service, then
ALL ACCOUNT WITHIN POLICY ORGANIZATION is
displayed.
- Account Service Business Unit
Name
- The name of the business unit to which a service belongs.
- Account Service Business Unit Supervisor
- A user supervisor of a business unit that is associated with the
service.
- Account Service DN
- An
LDAP distinguished name for the service.
- Account Service Description
- The description of a service.
- Account Service Business Unit DN
- An
LDAP distinguished name for a business unit that is associated
with the service.
- Account Service Type
- The profile type of the service.
- Account
Service Owner DN
- An LDAP distinguished name for an owner of
the service.
- Account Service Url
- A URL that connects to the service.
- Recert
Policy DN
- An LDAP distinguished name for the recertification
policy.
|
| Account |
- Account Name
- The name of an account that is associated
with a credential.
- Account Service Dn
- An LDAP distinguished name for a service that provisions an account.
- Account Status
- The status of an account
that indicates whether the account is
active or inactive.
- Account Compliance
- The details about an account compliance. The valid values are
Unknown, Compliant, Non
Compliant, and Disallowed.
- Account Ownership Type
- The ownership type of
the account. The valid values are
Individual, System, Device,
and Vendor.
- Account Last
Access Date
- The last accessed date and time of an account.
- Account Container Dn
- An LDAP distinguished
name for a business unit of an account.
|
| Person |
- Person Full Name
- The
full name of a user.
- Person Last Name
- The surname of a user.
- Person Status
- The status of a user.
- Person Dn
- An LDAP distinguished name for a user entity.
- Person Business Unit Dn
- An LDAP distinguished name for
a business unit to a user entity.
- Person
Supervisor
- The name of a user for the supervisor of a user
entity.
|
| Account Owner |
- Person Full Name
- The full name of a user
who owns an account.
- Person Last Name
- The surname of a user who owns an account.
- Person Status
- The status of a user.
- Person Dn
- An LDAP distinguished name for a user entity.
- Person Business Unit Dn
- An LDAP distinguished
name for a business unit to a user entity.
- Person Supervisor
- The name of a user for the supervisor of
a user entity.
|