Query items for Recertification Audit namespace

The following table lists the query items in the Recertification Audit namespace.

Table 1. Query items in the Recertification Audit namespace
Query subject Query items and their description
User Recertification Policy
Recertification Policy Name
The name of the recertification policy.
Recertification Policy Type
The type of an entity that gets recertified by using this policy. The valid values are Account, Access, and Identity.
Recertification Policy Description
The description of the policy as specified in the policy configuration.
Recertification Policy Enabled
Shows whether the policy is enabled.
Recertification Policy Scheduled
The recertification scheduling modes. The valid values are CALENDAR and ROLLING.
Recertification Policy Rolling Interval in Days
The recertification period if the recertification policy scheduling mode is ROLLING. No value in this query item indicates that the scheduling is not in the ROLLING mode.
Recertification Policy Reject Action
An action that was taken if the recertification is rejected.
Recertification Policy Timeout Period in Days
The duration during which a recertifier must act.
Recertification Policy Timeout Action
The automatic action that must be taken if the recertification times out.
Recertification Policy DN
An LDAP distinguished name for the recertification policy.
Recertification Policy Container DN
An LDAP distinguished name for a business unit to which the recertification policy applies.
Recertification Policy Is Custom
Indicates whether the recertification policy is customized. It is defined in the workflow.
Recertification Policy User Class
The type of a user to which the recertification policy applies. The valid values are All, Person, and Business Partner Person.
Recertification Policy Scope
Indicates whether the recertification policy applies to the business unit and its subunits or either of them.
User Recert History
User Recert History Person Name
The full name of a person.
User Recert History Person Email
The user email identifier.
User Recert History Person Status
A user status at the end of the recertification workflow process. The valid values are Active and Inactive.
User Recert History Person Business Unit Name
A business unit to which a user belongs.
User Recert History Recertification Policy Name
The recertification policy that created a user entity.
User Recert History Timeout
Shows whether the recertification process is timed out or not. 0 represents Not timed out, and 1 represents Timed out.
User Recert History Comments
The comments that are entered by a user during the user recertification process.
User Recert History Process Comments
The comments that are entered by a user during the recertification process.
User Recert History Process Submission time
The recertification policy submission time.
User Recert History Process Start Time
The time at which user recertification workflow process was started.
User Recert History Process Completion Time
A user recertification history process completion time.
User Recert History Process Last Modified Time
The time at which user recertification workflow process was last modified.
User Recert History Process Requester Name
The name of a user who submitted the request for recertification.
User Recert History Process Requestee Name
The name of a user entity for whom the request for recertification was submitted.
User Recert History Process Recertifier Name
The name of a user who is the final approver in the recertification workflow process.
User Recert History Process Result Summary
An overall summary of a user recertification workflow process result.
User Recert History Process Scheduled
The schedule for recertification policy submission.
User Recert History Id
A unique ID assigned by the IBM Verify Identity Governance to a user recertification audit history.
User Recert History Person DN
An LDAP distinguished name for a user entity in the recertification process.
User Recert History Recertification Policy DN
An LDAP distinguished name for the recertification policy that recertifies a user entity.
Person
Person Full Name
The full name of a user.
Person Last Name
The surname of a user.
Person Status
The status of a user.
Person Dn
An LDAP distinguished name for a user entity.
Person Business Unit Dn
An LDAP distinguished name for a business unit to which a user belongs.
Person Supervisor
The name of a user who is the supervisor of a user entity.
Person Organization
Business Unit Name
The name of a business unit to which a user belongs.
Business Unit Supervisor
A user supervisor of a business unit.
Business Unit DN
An LDAP distinguished name for the business unit to which a user belongs.
Business Unit Container DN
An LDAP distinguished name for the parent business unit of an organization entity.
User Recert Account
User Recert Account Name
The name of an account in a user recertification.
User Recert Account Service Name
The name of a service to which an account belongs.
User Recert Account Service Description
Describes the service that is associated to an account.
User Recert Account Status
The status of an account at the end of the recertification. The valid values are Approved and Rejected.
User Recert Account Recert Id
A unique numeric ID assigned by the IBM Verify Identity Governance to an account recertification.
User Recert Account DN
An LDAP Distinguished name for an account entity in the recertification.
User Recert Account Service DN
An LDAP Distinguished name for the service to which an account entity belongs.
User Recert Group
User Recert Group Name
The name of a group in the user recertification.
User Recert Group Description
Describes the recertification group.
User Recert Group Status
The status of a group at the end of the recertification. The valid values are Approved and Rejected.
User Recert Group Recert Id
A unique numeric ID assigned by IBM Verify Identity Governance to a group recertification.
User Recert Group DN
An LDAP Distinguished name for a group entity in the recertification.
User Recert Group Service
Group Name
The name of a group.
Service Name
The name of a service to which the group belongs.
Service Type
The service profile type.
Service Url
A URL that connects to the managed resource.
Service DN
An LDAP distinguished name for a service to which the group belongs.
Service Container Dn
An LDAP distinguished name for a business unit of the service that is associated with a group.
Service Owner Dn
An LDAP distinguished name for a user owner of the service.
Group Dn
An LDAP distinguished name for a group entity in the recertification.
User Recert Role
User Recert Role Name
The name of a role in the user recertification.
User Recert Role Description
The description of a role.
User Recert Role Status
The status of a role at the end of the recertification. The valid values are Approved and Rejected.
User Recert Role Recert Id
A unique numeric identifier that is assigned by IBM Verify Identity Governance to a role recertification.
User Recert Role DN
An LDAP Distinguished name for a role entity in the recertification.
Account
Account Name
The name of an account.
Account Service Dn
An LDAP distinguished name for a service that provisions an account.
Account Status
The status of an account. The valid values are Active and Inactive.
Account Compliance
The details about an account compliance. The valid values are Unknown, Compliant, Non Compliant, and Disallowed.
Account Ownership Type
The ownership type of an account. The valid values are Individual, System, Device, and Vendor.
Account Last Access Date
The last date when an account was accessed.
Account Container Dn
An LDAP distinguished name for a business unit to which an account belongs.
Account Service
Service Name
The name of a service to which an account belongs.
Service Dn
An LDAP distinguished name for a service to which an account belongs.
Service Container DN
An LDAP distinguished name for a business unit of a service that is associated to the accounts.
Service Owner DN
An LDAP distinguished name for a user owner of the service.
Service Url
A URL that connects to the managed resource.
Service Type
The service profile type.
Account Owner
Person Full Name
The full name of a user who owns an account.
Person Last Name
The surname of a user who owns an account.
Person Status
The status of a user who owns an account.
Person DN
An LDAP distinguished name for an account owner.
Person Business Unit DN
An LDAP distinguished name for a business unit that is associated to an account owner.
Person Supervisor
The supervisor of an account owner.
Account Recert History
Recert History Service Name
The name of a service to which accounts and groups belong. These accounts and groups are involved with an account recertification audit.
Recert History Service Profile
The profile type of a service.
Recert History Status
An account status at the end of the recertification workflow process. The valid values are Abort, Approved, Timeout, Pending, and Rejected.
Recert History Action
The action that is taken on an account at the end of recertification process as defined by the recertification policy. The valid values are Abort, Certify, Delete, Mark, Certify Administrative, and Suspend.
Recert History Comments
The comments that are entered by a user during recertification process.
Recert History Process Start Time
The time at which an account recertification workflow process started.
Recert History Process Submission Time
The time at which recertification policy was submitted.
Recert History Process Completion Time
The time at which an account recertification workflow process completed.
Recert History Process Last Modified Time
The last modified time for an account recertification workflow process.
Recert History Process Comments
The comments that are entered by a user during recertification process.
Recert History Process Result Summary
The summary of the recertification process result. The valid values are Success, Failed, Pending, Escalated, Skipped, Timeout, and Warning.
Recert History Process Requestee Name
The name of a user entity for whom the recertification request is submitted. For example, if the entity for recertification is an account, then the query item is the name of the account.
Recert History Process Requester Name
The name of a user who submitted the recertification request. For example, if administrator submits a request for recertification, then this query item is the name of the administrator.
Recert History Recertifier Name
The name of a user who is the final approver in the recertification workflow process.
Recert History Activity Owner
An owner of recertification activity for an account.
Recert History Recertifier Id
An account identifier of the recertifier.
Access
Group ID
An identifier for a group.
Group Name
The name of a group for which an access is defined.
Group Type
The profile type of a group.
Group Access Name
The name of the access that is defined for a group.
Group Access Type
The type of the access that is defined for a group.
Group DN
An LDAP distinguished name for a group entity for which an access is defined.
Group Container DN
An LDAP distinguished name for a business unit that is associated with a group.
Group Service DN
An LDAP distinguished name for the service that is associated to a group.
Access Recert History
Recert History Service Name
The name of a service to which accesses and groups belong. These accesses and groups are involved with an access recertification audit.
Recert History Service Profile
The profile type of a service.
Recert History Status
An access status at the end of the recertification workflow process. The valid values are Abort, Approved, Timeout, Pending, and Rejected.
Recert History Action
The action that is taken on an access at the end of recertification process as defined by the recertification policy. The valid values are Abort, Certify, Delete, Mark, Certify Administrative, and Suspend.
Recert History Comments
The comments that are entered by a user during recertification process.
Recert History Process Start Time
The time at which an access recertification workflow process started.
Recert History Process Submission Time
The time at which recertification policy was submitted.
Recert History Process Completion Time
The time at which an access recertification workflow process completed.
Recert History Process Last Modified Time
The last modified time for an access recertification workflow process.
Recert History Process Comments
The comments that are entered by a user during recertification process.
Recert History Process Result Summary
The summary of the recertification process result. The valid values are Success, Failed, Pending, Escalated, Skipped, Timeout, and Warning.
Recert History Process Requestee Name
The name of a user entity for whom the recertification request is submitted. For example, if the entity for recertification is an access, then the query item is the name of the access.
Recert History Process Requester Name
The name of a user who submitted the recertification request. For example, if administrator submits a request for recertification, then this query item is the name of the administrator.
Recert History Recertifier Name
The name of a user who is the final approver in the recertification workflow process.
Recert History Activity Owner
An owner of recertification activity for an access.
Recert History Recertifier Id
An access identifier of the recertifier.