Report Samples
Security Status Report
The Security Status Report shows the access status for each product line: NO_ACCESS, ALL_ACCESS, or PROCESS_RULES. PROCESS_RULES means that access for users is determined by the rules in the security classes that apply to each user.
Report Sample
Security Status is :
ProductLine:GEN Status:PROCESS_RULES
ProductLine:PRODHCM Status:PROCESS_RULES
Security Classes Report
The Security Classes Report lists the security classes assigned to a role for a data area or product line.
Report Sample
The SecurityClasses assigned to Admin for the data area gen are :
JobQueueAccess
ProductLineAccess
ProxyGrantorAccess
SpellingDictionaryAccessSecurity User Policy Report
The Security User Policy Report lists the actor contexts, agents, roles, and security classes for an actor
Report Sample
Security Policy for Actor=user1:
dataArea: GEN
actorContext not found.
agents not found.
role: DirectSupervisor
secClass: ProductLineAccess
secClass: ProxyGrantorAccess
secClass: SpellingDictionaryAccess
role: ProcessServerAllAccess
secClass: InbasketAdministrator
secClass: ProcessServerAllAccess
secClass: ProductLineAccess
role: HRGeneralist
secClass: ProductLineAccess
secClass: SpellingDictionaryAccess
dataArea: PRODHCM
actorContext:
Key Field: HROrganization
Value: 8000
agents:
businessClassName: Employee
Value: 8000, 1
role: DirectSupervisor
secClass: BasicProductLineAccess
secClass: CompensationDirectSupervisor
secClass: CompetencyDirectSupervisor
secClass: DirectSupervisor
secClass: FrameworkInquiryAccess
secClass: InbasketUser
secClass: ManagerWebAppAccess
secClass: ProductLineAccess
secClass: ReasonAndRequestAccess
secClass: SetupInquiryAccess
secClass: UserFolderAllAccess
role: ProcessServerAllAccess
secClass: InbasketAdministrator
secClass: ProcessServerAllAccess
secClass: ProductLineAccess
role: HRGeneralist
secClass: BasicProductLineAccess
secClass: CompetencyManagement
secClass: FrameworkInquiryAccessUncond
secClass: HRGeneralistCompAccess
secClass: HRGeneralistHRAccess
secClass: HRGeneralistJobAppAccess
secClass: HRGeneralistJobReqAccess
secClass: HRGeneralistWebAppAccess
secClass: InbasketUser
secClass: LearningAdministrator
secClass: ManageEmploymentContracts
secClass: PerformanceManagement
secClass: ProductLineAccess
secClass: ReasonAndRequestAccess
secClass: SetupInquiryAccessUncond
secClass: UserFolderAllAccessSecurity Securable Object Report
The Security Securable Object Report shows security information for a securable object.
Report Sample
actor = user2
role = DirectSupervisor
secClass = BasicProductLineAccess
policyObjectName = Identity, policyObjectType = BusinessClass
rule# = 1
isNegate = false
actions = Inquire,ChangePassword,ResetPassword,author inquiries
action types = Inquire
condition = ( (Identity.IdentityActorRel.Actor = actor))
role = HRGeneralist
secClass = BasicProductLineAccess
policyObjectName = Identity, policyObjectType = BusinessClass
rule# = 1
isNegate = false
actions = Inquire,ChangePassword,ResetPassword,author inquiries
action types = Inquire
condition = ( (Identity.IdentityActorRel.Actor = actor))
role = SecurityAdministrator
secClass = UserAdminAllAccess
policyObjectName = Identity, policyObjectType = BusinessClass
rule# = 1
isNegate = false
actions = all actions
condition = (true = true)
secClass = AllGenAccess
policyObjectName = BusinessClass, policyObjectType = Type
rule# = 1
isNegate = false
actions = all actions
condition = (true = true) Security Descriptor Report
The Security Descriptor Report shows detailed information about securable objects.
Report Sample
******** Containment ************
nodeName = GEN, type = DataArea (364)
nodeName = security, type = Module (362)
******** Securable Object ************
ObjectName = Identity, Objecttype = BusinessClass (357)
=== Ontological Tree ===
name = Identity, type = KeyField (356)
name = Service, type = KeyField (356)
******** Content ************
name = IsQuestionnaireValid, type = Field (365)
name = IsFormBasedIdentity, type = Field (365)
name = Identity_authenticated_actor, type = Field (365)
name = Identity_audit_entryid, type = Field (365)
name = IsPasswordResetRequired, type = Field (365)
name = Identity_effective_through, type = Field (365)
name = DatabaseIdentityProperties, type = Field (365)
name = DatabaseIdentityProperties.DatabaseLoginName, type = Field (365)
name = DatabaseIdentityProperties.Password, type = Field (365)
name = SSODomain, type = Field (365)
name = CurrentPassword, type = Field (365)
name = Service, type = Field (365)
name = IsAS400Identity, type = Field (365)
name = ConfirmNewPassword, type = Field (365)
name = IsPasswordPolicyExist, type = Field (365)
name = FormBasedIdentityProperties, type = Field (365)
name = FormBasedIdentityProperties.User, type = Field (365)
name = FormBasedIdentityProperties.Password, type = Field (365)
name = MISocketIdentityProperties, type = Field (365)
name = MISocketIdentityProperties.MIUser, type = Field (365)
name = MISocketIdentityProperties.Password, type = Field (365)
name = Identity_audit_sequence, type = Field (365)
name = Identity_CreateStamp, type = Field (365)
name = Identity_CreateStamp.TimeStamp, type = Field (365)
name = Identity_CreateStamp.Actor, type = Field (365)
name = Identity_reason_code, type = Field (365)
name = NumberOfReqdQuestions, type = Field (365)
name = GeneratedPassword, type = Field (365)
name = Identity_create_date, type = Field (365)
name = PasswordLastSet, type = Field (365)
name = Identity_action, type = Field (365)
name = IsWindowsIdentity, type = Field (365)
name = NumberOfUnansweredQuestions, type = Field (365)
name = NumberOfRemainingQuestions, type = Field (365)
.
.
.Security Condition Report
The Security Condition Report analyzes the conditions in the security classes that apply to a user and produces a summary statement that combines those conditions.
Report Sample
Summary condition :
( (Employee not = actor.agent(Employee).Employee or HROrganization not = actor.agent(Employee).HROrganization)
or ( (IsEmployee) or (AncestorDirectSupervisor)))Security Prediction Report
The Security Prediction Report shows the security access for
a user to the specified securable object. ##DD## indicates
that the access is data dependent.
Report Sample
Securable Object = (Proxy:357) allowed actions are:
all actions
##DD##all actions