The following table lists the query items in the Separation
of Duty Audit
namespace.
Table 1. Query items in the Separation of
Duty Audit
namespace
Query subject |
Query items and their description |
Separation of Duty Policy |
- Separation of Duty Policy Name
- The name of the separation of duty policy.
- Separation of Duty Policy Description
- The description of the separation of duty policy.
- Separation of Duty Policy Business Unit Name
- The name of a business unit to which the separation of duty policy
applies.
- Separation of Duty Policy Enabled
- Indicates whether or not the policy is enabled. The valid values
are
Enabled and Disabled .
- Separation of Duty Policy Rule Name
- The name of a rule that is associated with the separation of duty
policy.
- Separation of Duty Policy Rule Max Roles Allowed
- The maximum number of the roles that can be a part of the separation
of duty rule.
- Separation of Duty Policy Id
- A unique numeric identifier for the separation of duty policy.
- Separation of Duty Policy Dn
- An LDAP distinguished name for the separation of duty policy.
- Separation of Duty Rule Id
- A unique numeric identifier for the separation of duty rule that
is associated with the separation of duty policy.
|
Separation of Duty Policy Role |
- Separation of Duty Policy Role Name
- The name of the role that is a part of the separation of duty
rule.
- Separation of Duty Policy Role Description
- The description of the separation of duty policy role.
- Separation of Duty Policy Business Unit Name
- The name of the business unit to which the separation of duty
policy role applies.
- Separation of Duty Policy Role Dn
- An LDAP distinguished name for the role that is a part of the
separation of duty policy.
- Separation of Duty Policy Role Id
- A unique numeric identifier for the role that is a part of separation
of duty policy.
- Separation of Duty Policy Rule Id
- A unique numeric identifier for the separation of duty rule that
is associated with the separation of duty policy.
|
Separation of Duty Policy Violation
and Exemption Current Status |
- Audit Status
- The status of the separation of duty policy violation or exemption.
The possible values are:
Violation - indicates that the violation occurred.
Approved - indicates that an approver approved
the exempted violation.
- Audit Person Name
- The name of a person to which the violation refers.
- Audit Person Business Unit
- The business unit to which a person involved in the violation
belongs.
- Audit Approver Name
- The name of a person who exempted the violation.
- Audit Approver Business Unit
- The business unit of the user who exempted the violation.
- Audit Approver Comment
- The comment that is added by an approver during the violation
exemption process.
- Audit Policy Rule Name
- The name of a rule that is associated with the separation of
duty policy.
- Audit Policy Rule Max Roles Allowed
- The maximum number of the roles that can be a part of the separation
of duty rule.
- Audit Policy Rule Version
- The separation of duty rule version.
- Audit Time Stamp
- The audit action occurrence time stamp.
- Audit Exemption Time Stamp
- The time stamp of the last violation occurred during separation
of duty policy evaluation.
- Audit Violation Id
- A unique numeric identifier for the violation record.
- Audit Policy Global Id
- A unique identifier for the separation of duty policy.
- Audit Rule Global Id
- A unique identifier for the separation of duty policy rule.
- Audit Person Global Id
- A unique identifier for the person against whom the violation
occurred.
|
Separation of Duty Policy Violation
and Exemption History |
- Audit Status
- The status of the separation of duty policy violation or exemption.
The possible values are:
Violation - indicates that the violation occurred.
Approved - indicates that an approver approved
the exempted violation.
- Audit Person Name
- The name of a person to which the violation refers.
- Audit Person Business Unit
- The business unit to which a person involved in the violation
belongs.
- Audit Approver Name
- The name of a person who exempted the violation.
- Audit Approver Business Unit
- The business unit of the user who exempted the violation.
- Audit Approver Comment
- The comment that is added by an approver during the violation
exemption process.
- Audit Policy Rule Name
- The name of a rule that is associated with the separation of
duty policy.
- Audit Policy Rule Max Roles Allowed
- The maximum number of the roles that can be a part of the separation
of duty rule.
- Audit Policy Rule Version
- The separation of duty rule version.
- Audit Time Stamp
- The audit action occurrence time stamp.
- Audit Violation Id
- A unique numeric identifier for the violation record.
- Audit Policy Global Id
- A unique identifier for the separation of duty policy.
- Audit Rule Global Id
- A unique identifier for the separation of duty policy rule.
- Audit Person Global Id
- A unique identifier for the person against whom the violation
occurred.
|
Separation of Duty Policy Audit |
- Audit Separation of Duty Policy Name
- The name of the separation of duty policy.
- Audit Separation of Duty Policy Business Unit
- The business unit of the separation of duty policy.
- Audit Action
- An action that is performed on the separation of duty policy.
For example,
Add , Modify , Delete ,
and Reconcile .
- Audit Comments
- The comments that are entered by the approver.
- Audit Process Subject
- The name of the separation of duty policy on which the audit action
occurs.
- Audit Process Subject Profile
- The profile type of an entity that is associated with the audit
action. This query item contains the value only if the
Audit
Process Subject contains a value.
- Audit Process Subject Service
- The service to which an entity represented by the
Audit
Process Subject query item belongs.
- Audit Process Recertifier Name
- The name of a user who approves the audit process workflow.
- Audit Process Requestee Name
- The entity upon which the audit action is performed.
- Audit Initiator Name
- The name of a user who initiates the audit action.
- Audit Activity Owner
- The name of a user who owns the audit activity.
- Audit Activity Name
- The name of the audit activity.
- Audit Operation Start Time
- The audit operation initiation date and time.
- Audit Process Submission Time
- The audit process submission date and time.
- Audit Process Schedule Time
- The date and time at which an event is scheduled for execution.
- Audit Process Completion Time
- The audit process completion date and time.
- Audit Activity Result Summary
- The result of an activity within the account audit process.
- Audit Process Result Summary
- The result of an account audit process.
|
Separation of Duty Policy Role Conflict |
- User Roles in Conflict
- The name of the role on the person that is found in violation
of the separation of duty policy rule.
- User Roles in Conflict Role Dn
- An LDAP distinguished name for a role on the person that is found
in violation of the separation of duty policy rule.
- User Roles in Conflict Business Unit Dn
- An LDAP distinguished name for the business unit of a role on
the person that is found in violation of the separation of duty policy
rule.
- User Roles in Conflict Owner Dn
- An LDAP distinguished name for an owner of a role. The referred
role is the role that participates in the separation of duty policy.
This query item might be empty if no owners are assigned to the role.
- Policy Roles in Conflict
- The name of the role as referenced in the separation of duty policy
rule that is involved in the violation.
- Policy Roles in Conflict Role Dn
- An LDAP distinguished name for the role as referenced in the separation
of duty policy rule that is involved in the violation.
- Policy Roles in Conflict Business Unit Dn
- An LDAP distinguished name for the business unit of a role as
referenced in the separation of duty policy rule that is involved
in the violation.
- Policy Roles in Conflict Owner Dn
- An LDAP distinguished name for an owner of a role. The referred
role is the role that associates with a user. This query item might
be empty if no owners are assigned to the role.
- Separation of Duty Policy Violation Id
- A unique numeric identifier for the separation of duty violation
record.
|