Query items for Recertification Audit namespace

Query items for Recertification Audit namespace

The following table lists the query items in the Recertification Audit namespace.

Query subject Query items and their description

User Recertification Policy
Recertification Policy Name

The name of the recertification policy.

Recertification Policy Type

The type of an entity that gets recertified by using this policy. The valid values are Account, Access, and Identity.

Recertification Policy Description

The description of the policy as specified in the policy configuration.

Recertification Policy Enabled

Shows whether the policy is enabled.

Recertification Policy Scheduled

The recertification scheduling modes. The valid values are CALENDAR and ROLLING.

Recertification Policy Rolling Interval in Days

The recertification period if the recertification policy scheduling mode is ROLLING. No value in this query item indicates that the scheduling is not in the ROLLING mode.

Recertification Policy Reject Action

An action that was taken if the recertification is rejected.

Recertification Policy Timeout Period in Days

The duration during which a recertifier must act.

Recertification Policy Timeout Action

The automatic action that must be taken if the recertification times out.

Recertification Policy DN

An LDAP distinguished name for the recertification policy.

Recertification Policy Container DN

An LDAP distinguished name for a business unit to which the recertification policy applies.

Recertification Policy Is Custom

Indicates whether the recertification policy is customized. It is defined in the workflow.

Recertification Policy User Class

The type of a user to which the recertification policy applies. The valid values are All, Person, and Business Partner Person.

Recertification Policy Scope

Indicates whether the recertification policy applies to the business unit and its subunits or either of them.

User Recert History
User Recert History Person Name

The full name of a person.

User Recert History Person Email

The user email identifier.

User Recert History Person Status

A user status at the end of the recertification workflow process. The valid values are Active and Inactive.

User Recert History Person Business Unit Name

A business unit to which a user belongs.

User Recert History Recertification Policy Name

The recertification policy that created a user entity.

User Recert History Timeout

Shows whether the recertification process is timed out or not. 0 represents Not timed out, and 1 represents Timed out.

User Recert History Comments

The comments that are entered by a user during the user recertification process.

User Recert History Process Comments

The comments that are entered by a user during the recertification process.

User Recert History Process Submission time

The recertification policy submission time.

User Recert History Process Start Time

The time at which user recertification workflow process was started.

User Recert History Process Completion Time

A user recertification history process completion time.

User Recert History Process Last Modified Time

The time at which user recertification workflow process was last modified.

User Recert History Process Requester Name

The name of a user who submitted the request for recertification.

User Recert History Process Requestee Name

The name of a user entity for whom the request for recertification was submitted.

User Recert History Process Recertifier Name

The name of a user who is the final approver in the recertification workflow process.

User Recert History Process Result Summary

An overall summary of a user recertification workflow process result.

User Recert History Process Scheduled

The schedule for recertification policy submission.

User Recert History Id

A unique ID assigned by ISIM to a user recertification audit history.

User Recert History Person DN

An LDAP distinguished name for a user entity in the recertification process.

User Recert History Recertification Policy DN

An LDAP distinguished name for the recertification policy that recertifies a user entity.

Person
Person Full Name

The full name of a user.

Person Last Name

The surname of a user.

Person Status

The status of a user.

Person Dn

An LDAP distinguished name for a user entity.

Person Business Unit Dn

An LDAP distinguished name for a business unit to which a user belongs.

Person Supervisor

The name of a user who is the supervisor of a user entity.

Person Organization
Business Unit Name

The name of a business unit to which a user belongs.

Business Unit Supervisor

A user supervisor of a business unit.

Business Unit DN

An LDAP distinguished name for the business unit to which a user belongs.

Business Unit Container DN

An LDAP distinguished name for the parent business unit of an organization entity.

User Recert Account
User Recert Account Name

The name of an account in a user recertification.

User Recert Account Service Name

The name of a service to which an account belongs.

User Recert Account Service Description

Describes the service that is associated to an account.

User Recert Account Status

The status of an account at the end of the recertification. The valid values are Approved and Rejected.

User Recert Account Recert Id

A unique numeric ID assigned by ISIM to an account recertification.

User Recert Account DN

An LDAP Distinguished name for an account entity in the recertification.

User Recert Account Service DN

An LDAP Distinguished name for the service to which an account entity belongs.

User Recert Group
User Recert Group Name

The name of a group in the user recertification.

User Recert Group Description

Describes the recertification group.

User Recert Group Status

The status of a group at the end of the recertification. The valid values are Approved and Rejected.

User Recert Group Recert Id

A unique numeric ID assigned by IBM Security Identity Manager to a group recertification.

User Recert Group DN

An LDAP Distinguished name for a group entity in the recertification.

User Recert Group Service
Group Name

The name of a group.

Service Name

The name of a service to which the group belongs.

Service Type

The service profile type.

Service Url

A URL that connects to the managed resource.

Service DN

An LDAP distinguished name for a service to which the group belongs.

Service Container Dn

An LDAP distinguished name for a business unit of the service associated with a group.

Service Owner Dn

An LDAP distinguished name for a user owner of the service.

Group Dn

An LDAP distinguished name for a group entity in the recertification.

User Recert Role
User Recert Role Name

The name of a role in the user recertification.

User Recert Role Description

The description of a role.

User Recert Role Status

The status of a role at the end of the recertification. The valid values are Approved and Rejected.

User Recert Role Recert Id

A unique numeric identifier that is assigned by IBM Security Identity Manager to a role recertification.

User Recert Role DN

An LDAP Distinguished name for a role entity in the recertification.

Account
Account Name

The name of an account.

Account Service Dn

An LDAP distinguished name for a service that provisions an account.

Account Status

The status of an account. The valid values are Active and Inactive.

Account Compliance

The details about an account compliance. The valid values are Unknown, Compliant, Non Compliant, and Disallowed.

Account Ownership Type

The ownership type of an account. The valid values are Individual, System, Device, and Vendor.

Account Last Access Date

The last date when an account was accessed.

Account Container Dn

An LDAP distinguished name for a business unit to which an account belongs.

Account Service
Service Name

The name of a service to which an account belongs.

Service Dn

An LDAP distinguished name for a service to which an account belongs.

Service Container DN

An LDAP distinguished name for a business unit of a service that is associated to the accounts.

Service Owner DN

An LDAP distinguished name for a user owner of the service.

Service Url

A URL that connects to the managed resource.

Service Type

The service profile type.

Account Owner
Person Full Name

The full name of a user who owns an account.

Person Last Name

The surname of a user who owns an account.

Person Status

The status of a user who owns an account.

Person DN

An LDAP distinguished name for an account owner.

Person Business Unit DN

An LDAP distinguished name for a business unit associated to an account owner.

Person Supervisor

The supervisor of an account owner.

Account Recert History
Recert History Service Name

The name of a service to which accounts and groups belong. These accounts and groups are involved with an account recertification audit.

Recert History Service Profile

The profile type of a service.

Recert History Status

An account status at the end of the recertification workflow process. The valid values are Abort, Approved, Timeout, Pending, and Rejected.

Recert History Action

The action that is taken on an account at the end of recertification process as defined by the recertification policy. The valid values are Abort, Certify, Delete, Mark, Certify Administrative, and Suspend.

Recert History Comments

The comments that are entered by a user during recertification process.

Recert History Process Start Time

The time at which an account recertification workflow process started.

Recert History Process Submission Time

The time at which recertification policy was submitted.

Recert History Process Completion Time

The time at which an account recertification workflow process completed.

Recert History Process Last Modified Time

The last modified time for an account recertification workflow process.

Recert History Process Comments

The comments that are entered by a user during recertification process.

Recert History Process Result Summary

The summary of the recertification process result. The valid values are Success, Failed, Pending, Escalated, Skipped, Timeout, and Warning.

Recert History Process Requestee Name

The name of a user entity for whom the recertification request is submitted. For example, if the entity for recertification is an account, then the query item is the name of the account.

Recert History Process Requester Name

The name of a user who submitted the recertification request. For example, if administrator submits a request for recertification, then this query item is the name of the administrator.

Recert History Recertifier Name

The name of a user who is the final approver in the recertification workflow process.

Recert History Activity Owner

An owner of recertification activity for an account.

Recert History Recertifier Id

An account identifier of the recertifier.

Access
Group ID

An identifier for a group.

Group Name

The name of a group for which an access is defined.

Group Type

The profile type of a group.

Group Access Name

The name of the access defined for a group.

Group Access Type

The type of the access defined for a group.

Group DN

An LDAP distinguished name for a group entity for which an access is defined.

Group Container DN

An LDAP distinguished name for a business unit associated with a group.

Group Service DN

An LDAP distinguished name for the service associated to a group.

Access Recert History
Recert History Service Name

The name of a service to which accesses and groups belong. These accesses and groups are involved with an access recertification audit.

Recert History Service Profile

The profile type of a service.

Recert History Status

An access status at the end of the recertification workflow process. The valid values are Abort, Approved, Timeout, Pending, and Rejected.

Recert History Action

The action that is taken on an access at the end of recertification process as defined by the recertification policy. The valid values are Abort, Certify, Delete, Mark, Certify Administrative, and Suspend.

Recert History Comments

The comments that are entered by a user during recertification process.

Recert History Process Start Time

The time at which an access recertification workflow process started.

Recert History Process Submission Time

The time at which recertification policy was submitted.

Recert History Process Completion Time

The time at which an access recertification workflow process completed.

Recert History Process Last Modified Time

The last modified time for an access recertification workflow process.

Recert History Process Comments

The comments that are entered by a user during recertification process.

Recert History Process Result Summary

The summary of the recertification process result. The valid values are Success, Failed, Pending, Escalated, Skipped, Timeout, and Warning.

Recert History Process Requestee Name

The name of a user entity for whom the recertification request is submitted. For example, if the entity for recertification is an access, then the query item is the name of the access.

Recert History Process Requester Name

The name of a user who submitted the recertification request. For example, if administrator submits a request for recertification, then this query item is the name of the administrator.

Recert History Recertifier Name

The name of a user who is the final approver in the recertification workflow process.

Recert History Activity Owner

An owner of recertification activity for an access.

Recert History Recertifier Id

An access identifier of the recertifier.

Parent topic: Recertification Audit namespace

Query subject	Query items and their description
User Recertification Policy	Recertification Policy Name The name of the recertification policy. Recertification Policy Type The type of an entity that gets recertified by using this policy. The valid values are Account, Access, and Identity. Recertification Policy Description The description of the policy as specified in the policy configuration. Recertification Policy Enabled Shows whether the policy is enabled. Recertification Policy Scheduled The recertification scheduling modes. The valid values are CALENDAR and ROLLING. Recertification Policy Rolling Interval in Days The recertification period if the recertification policy scheduling mode is ROLLING. No value in this query item indicates that the scheduling is not in the ROLLING mode. Recertification Policy Reject Action An action that was taken if the recertification is rejected. Recertification Policy Timeout Period in Days The duration during which a recertifier must act. Recertification Policy Timeout Action The automatic action that must be taken if the recertification times out. Recertification Policy DN An LDAP distinguished name for the recertification policy. Recertification Policy Container DN An LDAP distinguished name for a business unit to which the recertification policy applies. Recertification Policy Is Custom Indicates whether the recertification policy is customized. It is defined in the workflow. Recertification Policy User Class The type of a user to which the recertification policy applies. The valid values are All, Person, and Business Partner Person. Recertification Policy Scope Indicates whether the recertification policy applies to the business unit and its subunits or either of them.
User Recert History	User Recert History Person Name The full name of a person. User Recert History Person Email The user email identifier. User Recert History Person Status A user status at the end of the recertification workflow process. The valid values are Active and Inactive. User Recert History Person Business Unit Name A business unit to which a user belongs. User Recert History Recertification Policy Name The recertification policy that created a user entity. User Recert History Timeout Shows whether the recertification process is timed out or not. 0 represents Not timed out, and 1 represents Timed out. User Recert History Comments The comments that are entered by a user during the user recertification process. User Recert History Process Comments The comments that are entered by a user during the recertification process. User Recert History Process Submission time The recertification policy submission time. User Recert History Process Start Time The time at which user recertification workflow process was started. User Recert History Process Completion Time A user recertification history process completion time. User Recert History Process Last Modified Time The time at which user recertification workflow process was last modified. User Recert History Process Requester Name The name of a user who submitted the request for recertification. User Recert History Process Requestee Name The name of a user entity for whom the request for recertification was submitted. User Recert History Process Recertifier Name The name of a user who is the final approver in the recertification workflow process. User Recert History Process Result Summary An overall summary of a user recertification workflow process result. User Recert History Process Scheduled The schedule for recertification policy submission. User Recert History Id A unique ID assigned by ISIM to a user recertification audit history. User Recert History Person DN An LDAP distinguished name for a user entity in the recertification process. User Recert History Recertification Policy DN An LDAP distinguished name for the recertification policy that recertifies a user entity.
Person	Person Full Name The full name of a user. Person Last Name The surname of a user. Person Status The status of a user. Person Dn An LDAP distinguished name for a user entity. Person Business Unit Dn An LDAP distinguished name for a business unit to which a user belongs. Person Supervisor The name of a user who is the supervisor of a user entity.
Person Organization	Business Unit Name The name of a business unit to which a user belongs. Business Unit Supervisor A user supervisor of a business unit. Business Unit DN An LDAP distinguished name for the business unit to which a user belongs. Business Unit Container DN An LDAP distinguished name for the parent business unit of an organization entity.
User Recert Account	User Recert Account Name The name of an account in a user recertification. User Recert Account Service Name The name of a service to which an account belongs. User Recert Account Service Description Describes the service that is associated to an account. User Recert Account Status The status of an account at the end of the recertification. The valid values are Approved and Rejected. User Recert Account Recert Id A unique numeric ID assigned by ISIM to an account recertification. User Recert Account DN An LDAP Distinguished name for an account entity in the recertification. User Recert Account Service DN An LDAP Distinguished name for the service to which an account entity belongs.
User Recert Group	User Recert Group Name The name of a group in the user recertification. User Recert Group Description Describes the recertification group. User Recert Group Status The status of a group at the end of the recertification. The valid values are Approved and Rejected. User Recert Group Recert Id A unique numeric ID assigned by IBM Security Identity Manager to a group recertification. User Recert Group DN An LDAP Distinguished name for a group entity in the recertification.
User Recert Group Service	Group Name The name of a group. Service Name The name of a service to which the group belongs. Service Type The service profile type. Service Url A URL that connects to the managed resource. Service DN An LDAP distinguished name for a service to which the group belongs. Service Container Dn An LDAP distinguished name for a business unit of the service associated with a group. Service Owner Dn An LDAP distinguished name for a user owner of the service. Group Dn An LDAP distinguished name for a group entity in the recertification.
User Recert Role	User Recert Role Name The name of a role in the user recertification. User Recert Role Description The description of a role. User Recert Role Status The status of a role at the end of the recertification. The valid values are Approved and Rejected. User Recert Role Recert Id A unique numeric identifier that is assigned by IBM Security Identity Manager to a role recertification. User Recert Role DN An LDAP Distinguished name for a role entity in the recertification.
Account	Account Name The name of an account. Account Service Dn An LDAP distinguished name for a service that provisions an account. Account Status The status of an account. The valid values are Active and Inactive. Account Compliance The details about an account compliance. The valid values are Unknown, Compliant, Non Compliant, and Disallowed. Account Ownership Type The ownership type of an account. The valid values are Individual, System, Device, and Vendor. Account Last Access Date The last date when an account was accessed. Account Container Dn An LDAP distinguished name for a business unit to which an account belongs.
Account Service	Service Name The name of a service to which an account belongs. Service Dn An LDAP distinguished name for a service to which an account belongs. Service Container DN An LDAP distinguished name for a business unit of a service that is associated to the accounts. Service Owner DN An LDAP distinguished name for a user owner of the service. Service Url A URL that connects to the managed resource. Service Type The service profile type.
Account Owner	Person Full Name The full name of a user who owns an account. Person Last Name The surname of a user who owns an account. Person Status The status of a user who owns an account. Person DN An LDAP distinguished name for an account owner. Person Business Unit DN An LDAP distinguished name for a business unit associated to an account owner. Person Supervisor The supervisor of an account owner.
Account Recert History	Recert History Service Name The name of a service to which accounts and groups belong. These accounts and groups are involved with an account recertification audit. Recert History Service Profile The profile type of a service. Recert History Status An account status at the end of the recertification workflow process. The valid values are Abort, Approved, Timeout, Pending, and Rejected. Recert History Action The action that is taken on an account at the end of recertification process as defined by the recertification policy. The valid values are Abort, Certify, Delete, Mark, Certify Administrative, and Suspend. Recert History Comments The comments that are entered by a user during recertification process. Recert History Process Start Time The time at which an account recertification workflow process started. Recert History Process Submission Time The time at which recertification policy was submitted. Recert History Process Completion Time The time at which an account recertification workflow process completed. Recert History Process Last Modified Time The last modified time for an account recertification workflow process. Recert History Process Comments The comments that are entered by a user during recertification process. Recert History Process Result Summary The summary of the recertification process result. The valid values are Success, Failed, Pending, Escalated, Skipped, Timeout, and Warning. Recert History Process Requestee Name The name of a user entity for whom the recertification request is submitted. For example, if the entity for recertification is an account, then the query item is the name of the account. Recert History Process Requester Name The name of a user who submitted the recertification request. For example, if administrator submits a request for recertification, then this query item is the name of the administrator. Recert History Recertifier Name The name of a user who is the final approver in the recertification workflow process. Recert History Activity Owner An owner of recertification activity for an account. Recert History Recertifier Id An account identifier of the recertifier.
Access	Group ID An identifier for a group. Group Name The name of a group for which an access is defined. Group Type The profile type of a group. Group Access Name The name of the access defined for a group. Group Access Type The type of the access defined for a group. Group DN An LDAP distinguished name for a group entity for which an access is defined. Group Container DN An LDAP distinguished name for a business unit associated with a group. Group Service DN An LDAP distinguished name for the service associated to a group.
Access Recert History	Recert History Service Name The name of a service to which accesses and groups belong. These accesses and groups are involved with an access recertification audit. Recert History Service Profile The profile type of a service. Recert History Status An access status at the end of the recertification workflow process. The valid values are Abort, Approved, Timeout, Pending, and Rejected. Recert History Action The action that is taken on an access at the end of recertification process as defined by the recertification policy. The valid values are Abort, Certify, Delete, Mark, Certify Administrative, and Suspend. Recert History Comments The comments that are entered by a user during recertification process. Recert History Process Start Time The time at which an access recertification workflow process started. Recert History Process Submission Time The time at which recertification policy was submitted. Recert History Process Completion Time The time at which an access recertification workflow process completed. Recert History Process Last Modified Time The last modified time for an access recertification workflow process. Recert History Process Comments The comments that are entered by a user during recertification process. Recert History Process Result Summary The summary of the recertification process result. The valid values are Success, Failed, Pending, Escalated, Skipped, Timeout, and Warning. Recert History Process Requestee Name The name of a user entity for whom the recertification request is submitted. For example, if the entity for recertification is an access, then the query item is the name of the access. Recert History Process Requester Name The name of a user who submitted the recertification request. For example, if administrator submits a request for recertification, then this query item is the name of the administrator. Recert History Recertifier Name The name of a user who is the final approver in the recertification workflow process. Recert History Activity Owner An owner of recertification activity for an access. Recert History Recertifier Id An access identifier of the recertifier.