Troubleshooting report problems

The following section describes solutions for the IBM Verify Identity Governance Cognos® report problems.

Problems and their solutions

Unable to view the IBM Verify Identity Governance Cognos drill through reports in Microsoft Internet Explorer version 10
If you are using the Microsoft Internet Explorer version 10 browser, the IBM Verify Identity Governance Cognos drill through reports might not work.
Solution
Complete the following steps:
  1. Enable the compatibility view.
    1. In the Microsoft Internet Explorer 10 menu, go to Tools.
    2. Select Compatibility View.
  2. Add the IBM® Cognos website to the trusted sites list.
  3. In the Microsoft Internet Explorer 10 menu, go to Tools > Internet Options.
  4. On the Security tab, click the Trusted sites icon.
  5. Click Sites.
  6. In the Add this website to the zone box, add the IBM Cognos website address.
  7. Click Add.
  8. Click Close.
IBM Cognos audit history report does not show the audit of an account that is provisioned on the managed resource
IBM Cognos audit history for an account does not show the audit of the account that is provisioned on the managed resource when "Default Account Request Workflow" is configured with the entitlements that are associated with the provisioning policy.
Solution
To generate the audit history reports for the accounts with the default workflow, clear the Approval Start Date and Approval End Date check boxes, and then run the report.
IBM Verify Identity Governance Cognos report execution fails on Oracle data source
During the report generation on Oracle data source, if you select more than 1000 filter values on the prompt page, the report execution fails.
Solution
  1. Open the report in IBM Cognos Report Studio.
  2. Open the prompt page and edit the property Rows Per Page for all input widgets.
  3. Set the value to less than or equal to 1000.
The scope for the default provisioning policy is shown as blank on Oracle database.
When you generate the customized IBM Cognos report that includes provisioning policy scope in it, the scope for the default provisioning policy is shown as blank. This issue is specific to Oracle database.
Solution
If the scope for the default provisioning policy is shown as blank on Oracle database, then, interpret the scope of a provisioning policy as Subtree.
No data is displayed in the IBM Verify Identity Governance Cognos audit history report
Account audit is not supported for an account that is added and does not have a defined workflow. To audit the accounts for an audit history report, the default workflow or custom workflow must be attached to the provisioning policy that is created.
Long filter values are not shown completely on the prompt pages
Follow the technote link http://www-01.ibm.com/support/docview.wss?uid=swg21341018 to resolve this issue. The information in the technote also applies to IBM Cognos Analytics version 11.0.13.

Known limitations

The Prompt Page Summary table in the IBM Cognos Report shows "--" as the parameter value when more than 1000 filters per prompt is selected.
IBM Cognos Reports provide the option for multiple selection. You can select more than one value for each parameter in the prompt page. When you select several values to filter the report, text overflow can occur and '--' is displayed instead in the Prompt Page Summary table.
Solution
Avoid selecting too many values for each parameter in the prompt page.
IBM Cognos Reports do not display the actual values of custom labels that are defined in the Custom Labels properties file

IBM Verify Identity Governance supports the use of custom labels. You can specify these labels in the CustomLabels_<locale>.properties file. Custom labels are defined in a key-value pair format. This key can be used to set custom access types, access badges, and others.

For example:
  • Custom access badge label: $OPDData
  • Custom access badge label value: Critical
You can view the access catalog information or entitlements from the following IBM Verify Identity Governance reports:
  • Access Definition Report
  • User Access Report
These reports list all access that is defined in the IBM Verify Identity Governance console. When you define an access badge in the IBM Verify Identity Governance console, the value can be:
  • Derived from the CustomLabels_<locale>.properties file. For example: $OPDData OR
  • A regular string value. For example: "Sensitive data"

For custom labels, these reports display the key for the respective label. For example: $OPDData. You must see the CustomLabels_<locale>.properties file to get the actual value of the custom label.

Disabled access is not displayed in the User Access Report
The access that is defined on groups and roles cannot be displayed in the User Access Report if the access is disabled.
User entitlements are not displayed in Legacy Administrator console reports and in BIRT reports
Both the Legacy Administrator console reports and BIRT reports do not show the entitlements that are granted to an individual when the provisioning policy membership is set to "All Other Users". To resolve the problem, use Cognos-based entitlements granted to an individual report to get the entitlement details.
Audit of the disconnected credentials in the IBM Cognos shared access history report
In IBM Verify Identity Governance, a user can disconnect the shared access credentials in the credential vault. After the credentials are disconnected, the credentials in the vault do not have a connection with an account.

IBM Cognos shared access history report does not include the check-out and check-in history of the credentials that are not connected to an account. The shared access history report does not show the disconnected credentials for check-out and check-in audit action.

IBM Cognos entitlements report shows the provisioning policy data that is in the draft state
The IBM Cognos entitlements report shows the entitlements that are granted to an individual. It lists all the users and the items for which they are entitled. The report also shows the provisioning policy information that includes the policies that are saved in the draft state.
Cannot truncate the length of the text in the pie charts
An option or a property that can be set to truncate the length of the text is not available for the pie charts. You cannot truncate the length of the text in the pie charts.
Duplicate entries of the account add operation are observed when you run the account audit report
Duplicate entries of the account add operation are observed if the provisioning policy is configured with the default workflow and an extra custom workflow is created in Identity Manager Console under Configure System > Manage Operations.
Solution
Remove the default workflow that is defined in the provisioning policy. Therefore, only the custom workflow that is defined would be effective, which would be captured in the account audit report.
Custom workflows that are defined in IBM Verify Identity Governance are not supported for the following type of actions on an account
Only the default workflows are supported for the following actions on an account.
  • Restore
  • Suspend
Audit of the custom access type is not supported in the access audit history report
Any custom access type that is defined as access for a role, service, or group cannot be audited in the access audit history report.