Standard Reports

The Standard Reports section provides pre-configured reports related to reviews, applications, identities, and entitlement roles. Review the following information to learn more about each of the available reports.

 

Identities

Report Name & Description

Sample

Identity Details

This report provides a list of all applications and privileges associated with the selected Identity.  Report details include the following:

  • Report header - displays the Identity's name, title, and supervisor

Column headings:

  • Applications - all applications and privileges associated with the Identity (according to the most recent import data) along with Risk Ratings for each privilege

This report is available in PDF and Excel formats.

Reviewed Privileges

This report provides a list of all applications and reviewed privileges for the selected Identity - regardless of when the application was reviewed or whether they still have access to that application. For example, if David Barron had privileges within WireXchange 3 years ago, but his access was removed from WireXchange 2 years ago (so he has not been seen within a WireXchange review for the last 2 years) Permission Assist will use the review from 3 years ago to display his list of privileges for that particular application. 

Report details include the following:

  • Report header - displays the Identity's name, title, and supervisor

Columns:

  • Application - all applications and privileges associated with the Identity (according to the most recently reviewed data - regardless of which review that application appeared in) along with the Risk Ratings for each privilege

This report is available in PDF and Excel formats.

All Identities Summary

This report provides a list of all Identities within Permission Assist. The following information is provided within both the PDF and the Excel reports:

  • First and Last - Displays the first and last name of the Identity as defined within Active Directory

  • Username - Displays the Identity's username

  • Title - Displays the title as defined within Active Directory

  • Supervisor - Displays the Identity's supervisor as defined within the Managed By field within Active Directory

Additional information is available within the Excel version of the report:

  • Email

  • Directory ID

  • Directory Lookup

  • Employee ID

  • Status - Displays the status of the Identity within Active Director (Active, Disabled, or Removed)

  • Type - Displays the type as defined within the Overview field on the Identity Details page (Manage > Identities > select the Identity)

  • First Seen - Displays the date the Identity was first imported within Permission Assist

This report is available in PDF and Excel formats.

Approved Enrollments

This report provides a list of all active Identities within Permission Assist and the Entitlement Roles associated with each Identity. This is a flattened file so if someone belongs to more than one Entitlement Role, you'll see one row for each Entitlement Role they are enrolled in.

  • Username - Displays the Identity's username

  • First and Last Name - Displays the first and last name of the Identity as defined within Active Directory

  • Email - Displays the Identity's email address as defined within Active Directory

  • Title - Displays the job title as defined within Active Directory

  • Supervisor - Displays the Identity's supervisor as defined within the Managed By field within Active Directory

  • Entitlement Role - Displays the Entitlement Role the Identity is enrolled in

  • Type - Indicates whether the person was enrolled manually or whether the person was automatically added to the Entitlement Role based on a match of job title or other criteria

  • Expires On - Displays the date the enrollment will expire (applies to manual enrollments only)

  • Reason - Displays the reason for the enrollment (applies to manual enrollments only)

This report is available in Excel format.

 

 

Applications

Reports in this category provide information related to a specific application.

Report Name & Description

Sample

Application Users

This report provides a list of all users within a selected application. Report details include the following:

  • Report header - displays the selected application, import number and date the data was imported.

Columns:

  • Username - shows the name of the application user

  • Identity - shows the name of the matched Identity; Identity status is indicated by either black (active) or red (disabled/removed)

  • Privileges (Detailed Report Only) - displays all of the user's privileges

Within the Excel version of the report, additional columns provide the following information, if available:

  • Matched Identity Status

  • Account Type

  • Last Login 

  • Last Password Change

  • Password Expiration

  • Account Expiration

  • Created Date

  • Last Updated Date

Both the summary and detail versions of this report are available in PDF and Excel formats.

Orphaned Accounts

This report provides a list of all users assigned to disabled or missing Identities. Report details include the following:

  • Report header - displays the selected application, import number and date the data was imported.

Columns:

  • Username - shows the name of the application user

  • Identity - shows the name of the matched Identity

  • Last Login (Summary Report Only) - if available, the date of last login is displayed

  • Privileges (Detailed Report Only) - displays all of the user's privileges

Both the summary and detail versions of this report are available in PDF and Excel formats.

Ghost Accounts

This report provides a list of all users that are not assigned to an Identity. Report details include the following:

  • Report header - displays the selected application, import number and date the data was imported.

Columns:

  • Username - shows the name of the application user

  • Last Login (Summary Report Only) - if available, the date of last login is displayed 

  • Privileges (Detailed Report Only) - displays all of the user's privileges

Both the summary and detail versions of this report are available in PDF and Excel formats.

Identity Representation

This report provides a list of all Identities and their matched application users. The following information is provided within the report:

  • Report header - displays the selected application, import number and date the data was imported.

Columns:

  • Matched Users - includes the user name, the matched Identity, and the Last Login data - if available

  • Email - includes the email address of the matched Identity, if available

This report is available in PDF and Excel formats.

Last Login Date

This report provides a list of all users within the application along with the last login dates for each.  Report details include the following:

  • Report header - displays the selected application, import number and date the data was imported.

Columns:

  • Username - displays the name of the application user

  • Match - displays the Identity the application user is matched to

  • Last Login - displays the application user's date of last login

  • Password Expires - displays the date the password expires, when available

  • Account Expires - displays the date the user account expires, when available

This report is available in PDF and Excel formats.

Application Groups

This report provides a list of all groups within a selected application.  Report details include the following:

  • Report header - displays the selected application, import number and date the data was imported.

Columns:

  • Name - shows the name of the group

  • Users (Detailed Report Only) - displays a list of users assigned to the group; for each user, the matched Identity is also displayed

  • Groups - within the Summary Report, a list of groups is displayed; within the Detailed Report each group is displayed along with all privileges associated with the group

This report is available in PDF and Excel formats.

Reviewing Supervisors

This report provides a list of all application users and their supervisor as well as their assigned supervisor. Report details include the following:

  • Report header - displays the selected application, import number and date the data was imported.

Columns:

  • Application Users - includes the user name, the matched Identity, the Supervisor, and the Reviewing Supervisor. The Supervisor column displays the Supervisor assigned to the Identity within your directory source (ex. Active Directory). If the Supervisor defined within the directory source has been overridden (either within the application or within the Identity) the Reviewing Supervisor column shows the supervisor that was assigned to this application user. 

This report is available in PDF and Excel formats.

Application Responsibilities

This report provides a list of all applications that have Identities who are either Application Managers or Provision Engineers. Report details include the following columns of information:

  • Application - Displays the application name

  • Identity - Displays the Identity's first name, last name, and username

  • Application Manager - indicates whether the Identity has application responsibilities; if the column includes an "x" the Identity is an Application Manager

  • Provision Engineer - indicates whether the Identity has application responsibilities; if the column includes an "x" the Identity is an Provision Engineer

This report is available in Excel format.

 

Entitlement Roles

Report Name & Description

Sample

Detailed Export

This report provides a list of all applications and privileges for the entitlement role.  Report details include the following:

  • Report header - displays the name of the entitlement role, the status (enabled or disabled), and the number of Identities associated with the Entitlement Role

Columns:

  • Identity Matchers - displays what was used to create the entitlement roles (Identities, titles, departments, etc.) 

  • Matched Identities - displays a list of Identities associated with the entitlement role

  • Applications - displays a list of applications and all privileges and whether access is allowed or not

This report is available in PDF and Excel formats.

 

Personnel Events

Report Name & Description

Sample

Onboarding

This report is available in two formats - one that provides a list of all onboarding events that are currently open, and another that provides a list of all onboarding events within the last 18 months.  Report details include the following:

  • Report header - displays the timeline, which indicates whether the report shows the onboarding events that are currently open or whether it shows all onboarding events over the last 18 months. Events are considered currently open if they are in one of the following statuses: Pending, Scheduled, Needs Approval, Needs Verification. The "Last 18 months" report shows events of any status.

Columns:

  • Identity - displays the Identity associated with the onboarding event

  • Status - indicates where the event is at in the process of onboarding (approve, provision, verify)

  • Assignee - displays the name of the person assigned to the personnel event. This may or may not be the person who reported/created the personnel event

  • Needed by - displays the date provisioning needs to be completed

This report is available in both PDF and Excel formats.

Offboarding

This report is available in two formats - one that provides a list of all offboarding events that are currently open, and another that provides a list of all offboarding events within the last 18 months.  Report details include the following:

  • Report header - displays the timeline, which indicates whether the report shows the offboarding events that are currently open or whether it shows all offboarding events over the last 18 months. Events are considered currently open if they are in one of the following statuses: Pending, Scheduled, Needs Approval, Needs Verification. The "Last 18 months" report shows events of any status

Columns:

  • Identity - displays the Identity associated with the offboarding event

  • Status - indicates where the event is at in the process of offboarding (approve, provision, verify)

  • Assignee - displays the name of the person assigned to the personnel event. This may or may not be the person who reported/created the personnel event

  • Revoke at - displays the date provisioning needs to be completed

This report is available in both PDF and Excel formats.

Role Transitions

This report is available in two formats - one that provides a list of all role transitions that are currently open, and another that provides a list of all role transitions within the last 18 months.  Report details include the following:

  • Report header - displays the timeline, which indicates whether the report shows the role transitions that are currently open or whether it shows all role transitions over the last 18 months. Role Transitions are considered currently open if they are in one of the following statuses: Pending, Scheduled, Needs Approval, Needs Verification. The "Last 18 months" report shows role transitions of any status

Columns:

  • Identity - displays the Identity associated with the role transition

  • Status - indicates where the role transitions is at in the process (approve, provision, verify)

  • Assignee - displays the name of the person assigned to the personnel event. This may or may not be the person who reported/created the personnel event

  • Needed by - displays the date provisioning of the employee's new permissions need to be completed

  • Overlapping Until - displays the date deprovisioning of the employee's previous permissions need to be completed

This report is available in both PDF and Excel formats.

Leaves of Absence

This report is available in two formats - one that provides a list of all LOA events that are currently open, and another that provides a list of all LOA events within the last 18 months.  Report details include the following:

  • Report header - displays the timeline, which indicates whether the report shows the LOA events that are currently open or whether it shows all LOA events over the last 18 months. Events are considered currently open if they are in one of the following statuses: Pending, Scheduled, Needs Approval, Needs Verification. The "Last 18 months" report shows events of any status

Columns:

  • Identity - displays the Identity associated with the LOA

  • Status - indicates where the LOA event is at in the process (approve, provision, verify)

  • Assignee - displays the name of the person assigned to the personnel event. This may or may not be the person who reported/created the personnel event

  • Suspend At - displays the date suspension of the employee's permissions need to be completed

  • Restore By - displays the date the restoration of the employee's permissions need to be completed

This report is available in both PDF and Excel formats.

 

 

Reviews

Reports in this category provide information related to a specific review (regardless of whether the review is currently open or completed). 

Report Name & Description

Sample

Overview Summary

This report provides a high-level summary of the review. Available in either PDF or Excel format, this report information includes the following:

  • Review start and end dates along with the Security Team member that completed the review, if applicable

  • Type of review conducted (full or quick)

  • Statistics related to the applications, number of review items, number or pre-approved items (if applicable), and so on.

  • Item approval workflow (such as strict or flexible), single or multiple level approval and so on.

  • A list of applications included along with the following:

    • The date of the import data used in the review

    • The risk rating of the application

    • The number of users reviewed

    • The percentage complete

    • The number of flagged or remediated items

 

Flagged

This report provides a list of all flagged review items. Report details include the following:

  • Report header - displays the application name, import number and date the data was imported. 

Columns:

  • Item information - shows the name of the application user and the review item number

  • The status of the item (flagged)

  • The name of each reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

  • All comments and actions associated with the review item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Remediated

This report provides a list of all remediated items/access requests within the review. Report details include the following:

  • Report header - displays the application name, import number and date the data was imported. 

Columns:

  • Item information - shows the name of the application user and the review item number

  • The status of the item (remediated)

  • The name of each reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

  • All comments and actions associated with the review item

  • All comments and actions associated with the remediation/access request 

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Has Comments

This report provides a list of all items that have comments within the review. Report details include the following:

  • Report header - displays the application name, import number and date the data was imported. If separation rules were included in the review, they'll be displayed at the top of the report and the application name is replaced by the separation rule name

Columns:

  • Item information - shows the name of the application user and the review item number

  • The status of the item (pre-approved, approved, flagged, incomplete, remediated)

  • The name of each reviewer and the date they took action on the item (marking it either approved, flagged, remediated, etc.)

  • All comments and actions associated with the item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Self-Reviewed

This report provides a list of any item for which the reviewer took action on their own privileges. Report details include the following:

  • Report header - displays the application and import number associated with the review item along with the date of the imported data being reviewed.

Columns:

  • Item information - shows the name of the application user and the review item number

  • The status of the item (approved, flagged, incomplete, remediated)

  • The name of each reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

  • All comments associated with the item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Single Reviewer

This report provides a list of all items reviewed by only one reviewer. Report details include the following:

  • Report header - displays the application and import number associated with the review item along with the date of the imported data being reviewed.

Columns:

  • Item information - shows the name of the application user and the review item number

  • The status of the item (approved, flagged, incomplete, remediated)

  • The name of the reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

  • All comments associated with the item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Stand-in Reviewers

This report provides a list of all items within the review that were reviewed by the security team because no other reviewers were present. 

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

 

Sample not available

Separation Rule Violations

This report provides a list of all items that were identified as violating separation of duty rules. Report details include the following:

  • Report header - displays the separation rule and import number along with the date of the imported data being reviewed.

Columns:

  • Item information - shows the name of the application user and the review item number

  • The status of the item (approved, flagged, incomplete, remediated)

  • The name of the reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

  • All comments associated with the item

  • The list of actions for each item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

All Review Items

This report provides a list of all items within the review. Report details include the following:

  • Report header - displays the application name, import number and date the data was imported. If separation rules were included in the review, they'll be displayed at the top of the report and the application name is replaced by the separation rule name

Columns:

  • Item information - shows the name of the application user and the review item number

  • The status of the item (pre-approved, approved, flagged, incomplete, remediated)

  • Ideal access - shows whether the item's permissions are in or out of bounds based on the Entitlement Role. Options include - Ideal (within range), Over Privileged (privileges elevated outside of the ideal range), or Accepted Overprivileged (meaning the reviewers approved the employee's access even though it was elevated outside of the ideal range), Underprivileged

  • The name of each reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

  • All comments associated with the item

  • The list of actions for each flagged or remediated item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Ideal Access

This report provides a list of all items within the review and whether the user has ideal access as compared to their associated Entitlement Roles. Report details include the following:

  • Report header - displays the application name, import number and date the data was imported.

Columns:

  • Item information - shows the review item number, the name of the application user, and the matched Identity

  • The Entitlement Roles associated with the application user

  • Ideal access - shows whether the item's permissions are in or out of bounds based on the Entitlement Role. Options include - Ideal (within range), Over Privileged (privileges elevated outside of the ideal range), or Accepted Overprivileged (meaning the reviewers approved the employee's access even though it was elevated outside of the ideal range), or Underprivileged

This report is available in PDF and Excel formats.

Last Login Date

This report provides a list of users and their last login dates for each application within the review. Report details include the following:

  • Report header - displays the application name, import number and date the data was imported. If separation rules were included in the review, they'll be displayed at the top of the report and the application name is replaced by the separation rule name

Columns:

  • Review Item - shows the number of the review item

  • Username - displays the name of the application user

  • Match - displays the Identity the application user is matched to

  • Last Login - displays the application user's date of last login

This report is available in PDF and Excel formats.

Application Imports

This zipped file contains the raw system files for each application import used in the review.

An import report is also included for each application import. This report provides import data related to the import used in the review and is similar to the information found on the Import Summary tab. This analytical data is often used as a verification tool for internal and external auditors, ensuring the data hasn't been tampered with between the time it was generated and the time it was imported. If the data being imported falls outside of the typical trend for that application, a warning message is displayed. The number of new/changed users and their privileges is validated within the review as further verification.

Report details include the following:

  • Report title - displays the application and import number

  • Import summary information including the following:

    • Application name

    • Import number

    • Status of the import

    • The user that imported the data

    • The name of the files imported

    • The date and time of the import

  • Import data for users, groups, and privileges including the number added, changed, and removed along with the percentage of change for each.

Application Audit Package

Includes all reports and files described above for a single application within the review. All files are zipped in a single downloadable file. 

This file may take a long time to build. You may continue working while the report is being generated. When the report becomes available for downloading, Permission Assist will alert you by displaying a little white bell icon ( )next to the Reports menu on the menu bar. An email notification is sent as a reminder if the zipped file has not been downloaded within 15 minutes of being generated. Only one email notification is sent, and it will only be sent if the file is not downloaded within 15 minutes.

N/A

Complete Audit Package

Includes all reports and files described above for all applications within the review. All selected files are zipped in a single downloadable file. 

This file may take a long time to build. You may continue working while the report is being generated. When the report becomes available for downloading, Permission Assist will alert you by displaying a little white bell icon next to the Reports menu on the menu bar. An email notification is sent as a reminder if the zipped file has not been downloaded within 15 minutes of being generated. Only one email notification is sent, and it will only be sent if the file is not downloaded within 15 minutes.

N/A

Reviewed Applications

Provides an analytical summary of review data for either all applications within the most recent review or all applications within all reviews. Includes information such as the number of pending items, approved items, remediated items, and more so you can track this data over time.

This file may take a long time to build if you generate the report for all reviews. You may continue working while the report is being generated. When the report becomes available for downloading, Permission Assist will alert you by displaying a little white bell icon next to the Reports menu on the menu bar. An email notification is sent as a reminder if the zipped file has not been downloaded within 15 minutes of being generated. Only one email notification is sent, and it will only be sent if the file is not downloaded within 15 minutes.