Standard Reports

Identity Details

This report provides a list of all applications and privileges associated with the selected Identity.  For each Identity you'll see the following:

• Report header - displays the Identity's name, title, and supervisor

• Applications - all applications and privileges associated with the Identity (according to the most recent import data) along with Risk Ratings for each privilege

This report is available in PDF and Excel formats.

Reviewed Privileges

This report provides a list of all applications and reviewed privileges for the selected Identity - regardless of when the application was reviewed or whether they still have access to that application. For example, if David Barron had privileges within WireXchange 3 years ago, but his access was removed from WireXchange 2 years ago (so he has not been seen within a WireXchange review for the last 2 years) Permission Assist will use the review from 3 years ago to display his list of privileges for that particular application. 

For each Identity you'll see the following:

• Report header - displays the Identity's name, title, and supervisor

• Application - all applications and privileges associated with the Identity (according to the most recently reviewed data - regardless of which review that application appeared in) along with the Risk Ratings for each privilege

This report is available in PDF and Excel formats.

All Identities Summary

This report provides a list of all Identities within Permission Assist. The following information is provided within both the PDF and the Excel reports:

• First and Last - Displays the first and last name of the Identity as defined within Active Directory

• Username - Displays the Identity's username

• Title - Displays the title as defined within Active Directory

• Supervisor - Displays the Identity's supervisor as defined within the Managed By field within Active Directory

Additional information is available within the Excel version of the report:

• Email

• Directory ID

• Directory Lookup

• Employee ID

• Status - Displays the status of the Identity within Active Director (Active, Disabled, or Removed)

• Type - Displays the type as defined within the Overview field on the Identity Details page (Manage > Identities > select the Identity)

• First Seen - Displays the date the Identity was first imported within Permission Assist

This report is available in PDF and Excel formats.

Report Name & Description

Sample

Application Users

This report provides a list of all users within a selected application. For each user within the application, you'll see the following:

• Report header - displays the selected application, import number and date the data was imported.

• Username - shows the name of the application user

• Identity - shows the name of the matched Identity; Identity status is indicated by either black (active) or red (disabled/removed)

• Privileges (Detailed Report Only) - displays all of the user's privileges

Within the Excel version of the report, additional columns provide the following information, if available:

• Matched Identity Status

• Account Type

• Last Login 

• Last Password Change

• Password Expiration

• Account Expiration

• Created Date

• Last Updated Date

Both the summary and detail versions of this report are available in PDF and Excel formats.

Orphaned Accounts

This report provides a list of all users assigned to disabled or missing Identities. For each user within the application, you'll see the following:

• Report header - displays the selected application, import number and date the data was imported.

• Username - shows the name of the application user

• Identity - shows the name of the matched Identity

• Last Login (Summary Report Only) - if available, the date of last login is displayed

• Privileges (Detailed Report Only) - displays all of the user's privileges

Both the summary and detail versions of this report are available in PDF and Excel formats.

Ghost Accounts

This report provides a list of all users that are not assigned to an Identity. For each user within the application, you'll see the following:

• Report header - displays the selected application, import number and date the data was imported.

• Username - shows the name of the application user

• Last Login (Summary Report Only) - if available, the date of last login is displayed 

• Privileges (Detailed Report Only) - displays all of the user's privileges

Both the summary and detail versions of this report are available in PDF and Excel formats.

Identity Representation

This report provides a list of all Identities and their matched application users. For each Identity, you'll see the following:

• Report header - displays the selected application, import number and date the data was imported.

• Matched Users - includes the user name, the matched Identity, and the Last Login data - if available

• Email - includes the email address of the matched Identity, if available

This report is available in PDF and Excel formats.

Last Login Date

This report provides a list of all users within the application along with the last login dates for each.  Report details include the following:

• Report header - displays the selected application, import number and date the data was imported.

• Username - displays the name of the application user

• Match - displays the Identity the application user is matched to

• Last Login - displays the application user's date of last login

• Password Expires - displays the date the password expires, when available

• Account Expires - displays the date the user account expires, when available

This report is available in PDF and Excel formats.

Application Groups

This report provides a list of all groups within a selected application.  For each group within the application, you'll see the following:

• Report header - displays the selected application, import number and date the data was imported.

• Name - shows the name of the group

• Users (Detailed Report Only) - displays a list of users assigned to the group; for each user, the matched Identity is also displayed

• Groups - within the Summary Report, a list of groups is displayed; within the Detailed Report each group is displayed along with all privileges associated with the group

This report is available in PDF and Excel formats.

Reviewing Supervisors

This report provides a list of all application users and their supervisor as well as their assigned supervisor. For each Identity, you'll see the following:

• Report header - displays the selected application, import number and date the data was imported.

• Application Users - includes the user name, the matched Identity, the Supervisor, and the Reviewing Supervisor. The Supervisor column displays the Supervisor assigned to the Identity within your directory source (ex. Active Directory). If the Supervisor defined within the directory source has been overridden (either within the application or within the Identity) the Reviewing Supervisor column shows the supervisor that was assigned to this application user. 

This report is available in PDF and Excel formats.

Detailed Export

This report provides a list of all applications and privileges for the entitlement role.  For each role you'll see the following:

• Report header - displays the name of the entitlement role, the status (enabled or disabled), and the number of Identities associated with the Entitlement Role

• Identity Matchers - displays what was used to create the entitlement roles (Identities, titles, departments, etc.) 

• Matched Identities - displays a list of Identities associated with the entitlement role

• Applications - displays a list of applications and all privileges and whether access is allowed or not

This report is available in PDF and Excel formats.

Report Name & Description

Sample

Overview Summary

This report provides a high-level summary of the review. Available in either PDF or Excel format, this report information includes the following:

• Review start and end dates along with the Security Team member that completed the review, if applicable

• Type of review conducted (full or quick)

• Statistics related to the applications, number of review items, number or pre-approved items (if applicable), and so on.

• Item approval workflow (such as strict or flexible), single or multiple level approval and so on.

• A list of applications included along with the following:

  • The date of the import data used in the review

  • The risk rating of the application

  • The number of users reviewed

  • The percentage complete

  • The number of flagged or remediated items

Flagged

This report provides a list of all flagged review items. For each flagged item, you'll see the following:

• Report header - displays the application name, import number and date the data was imported. 

• Item information - shows the name of the application user and the review item number

• The status of the item (flagged)

• The name of each reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

• All comments and actions associated with the review item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Remediated

This report provides a list of all remediated items/access requests within the review. For each remediated item, you'll see the following:

• Report header - displays the application name, import number and date the data was imported. 

• Item information - shows the name of the application user and the review item number

• The status of the item (remediated)

• The name of each reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

• All comments and actions associated with the review item

• All comments and actions associated with the remediation/access request 

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Has Comments

This report provides a list of all items that have comments within the review. For each item, you'll see the following:

• Report header - displays the application name, import number and date the data was imported. If separation rules were included in the review, they'll be displayed at the top of the report and the application name is replaced by the separation rule name

• Item information - shows the name of the application user and the review item number

• The status of the item (pre-approved, approved, flagged, incomplete, remediated)

• The name of each reviewer and the date they took action on the item (marking it either approved, flagged, remediated, etc.)

• All comments and actions associated with the item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Self-Reviewed

This report provides a list of any item for which the reviewer took action on their own privileges. For each item, you'll see the following:

• Report header - displays the application and import number associated with the review item along with the date of the imported data being reviewed.

• Item information - shows the name of the application user and the review item number

• The status of the item (approved, flagged, incomplete, remediated)

• The name of each reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

• All comments associated with the item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Single Reviewer

This report provides a list of all items reviewed by only one reviewer. For each item, you'll see the following:

• Report header - displays the application and import number associated with the review item along with the date of the imported data being reviewed.

• Item information - shows the name of the application user and the review item number

• The status of the item (approved, flagged, incomplete, remediated)

• The name of the reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

• All comments associated with the item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Stand-in Reviewers

This report provides a list of all items within the review that were reviewed by the security team because no other reviewers were present. 

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Sample not available

Separation Rule Violations

This report provides a list of all items that were identified as violating separation of duty rules. For each item, you'll see the following:

• Report header - displays the separation rule and import number along with the date of the imported data being reviewed.

• Item information - shows the name of the application user and the review item number

• The status of the item (approved, flagged, incomplete, remediated)

• The name of the reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

• All comments associated with the item

• The list of actions for each item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

All Review Items

This report provides a list of all items within the review. For each review item, you'll see the following:

• Report header - displays the application name, import number and date the data was imported. If separation rules were included in the review, they'll be displayed at the top of the report and the application name is replaced by the separation rule name

• Item information - shows the name of the application user and the review item number

• The status of the item (pre-approved, approved, flagged, incomplete, remediated)

• Ideal access - shows whether the item's permissions are in or out of bounds based on the Entitlement Role. Options include - Ideal (within range), Over Privileged (privileges elevated outside of the ideal range), or Accepted Overprivileged (meaning the reviewers approved the employee's access even though it was elevated outside of the ideal range), Underprivileged

• The name of each reviewer and the date they took action on the item (marking it either flagged, approved, etc.)

• All comments associated with the item

• The list of actions for each flagged or remediated item

Both the summary and detail versions of this report are available in PDF and Excel formats. A "flat" version which allows for more customized filtering and sorting is also available.

Ideal Access

This report provides a list of all items within the review and whether the user has ideal access as compared to their associated Entitlement Roles. For each review item, you'll see the following:

• Report header - displays the application name, import number and date the data was imported.

• Item information - shows the review item number, the name of the application user, and the matched Identity

• The Entitlement Roles associated with the application user

• Ideal access - shows whether the item's permissions are in or out of bounds based on the Entitlement Role. Options include - Ideal (within range), Over Privileged (privileges elevated outside of the ideal range), or Accepted Overprivileged (meaning the reviewers approved the employee's access even though it was elevated outside of the ideal range), or Underprivileged

This report is available in PDF and Excel formats.

Last Login Date

This report provides a list of users and their last login dates for each application within the review. For each application, you'll see the following:

• Report header - displays the application name, import number and date the data was imported. If separation rules were included in the review, they'll be displayed at the top of the report and the application name is replaced by the separation rule name

• Review Item - shows the number of the review item

• Username - displays the name of the application user

• Match - displays the Identity the application user is matched to

• Last Login - displays the application user's date of last login

This report is available in PDF and Excel formats.

Application Imports

This zipped file contains the raw system files for each application import used in the review.

An import report is also included for each application import. This report provides import data related to the import used in the review and is similar to the information found on the Import Summary tab. This analytical data is often used as a verification tool for internal and external auditors, ensuring the data hasn't been tampered with between the time it was generated and the time it was imported. If the data being imported falls outside of the typical trend for that application, a warning message is displayed. The number of new/changed users and their privileges is validated within the review as further verification.

This report provides the following information for each import within the review

• Report title - displays the application and import number

• Import summary information including the following:

  • Application name

  • Import number

  • Status of the import

  • The user that imported the data

  • The name of the files imported

  • The date and time of the import

• Import data for users, groups, and privileges including the number added, changed, and removed along with the percentage of change for each.

Application Audit Package

Includes all reports and files described above for a single application within the review. All files are zipped in a single downloadable file. 

This file may take a long time to build. You may continue working while the report is being generated. When the report becomes available for downloading, Permission Assist will alert you by displaying a little white bell icon ( )next to the Reports menu on the menu bar. An email notification is sent as a reminder if the zipped file has not been downloaded within 15 minutes of being generated. Only one email notification is sent, and it will only be sent if the file is not downloaded within 15 minutes.

N/A

Complete Audit Package

Includes all reports and files described above for all applications within the review. All selected files are zipped in a single downloadable file. 

This file may take a long time to build. You may continue working while the report is being generated. When the report becomes available for downloading, Permission Assist will alert you by displaying a little white bell icon next to the Reports menu on the menu bar. An email notification is sent as a reminder if the zipped file has not been downloaded within 15 minutes of being generated. Only one email notification is sent, and it will only be sent if the file is not downloaded within 15 minutes.

N/A

Reviewed Applications

Provides an analytical summary of review data for either all applications within the most recent review or all applications within all reviews. Includes information such as the number of pending items, approved items, remediated items, and more so you can track this data over time.

This file may take a long time to build if you generate the report for all reviews. You may continue working while the report is being generated. When the report becomes available for downloading, Permission Assist will alert you by displaying a little white bell icon next to the Reports menu on the menu bar. An email notification is sent as a reminder if the zipped file has not been downloaded within 15 minutes of being generated. Only one email notification is sent, and it will only be sent if the file is not downloaded within 15 minutes.