12.6 Analyzing Data with Insight Queries

OpenText Identity Governance provides the ability to query data interactively by using Insight Queries and automatically emails query results to specified owners using a predefined email template. You can query the catalog across entity types, such as finding all users that have access to a certain permission. You can also query compliance activity and other information such as finding all users who have outstanding revocations.

To access Insight Queries, you must have one of the following authorizations:

  • Customer, Data, or Governance Insights Administrator

  • Auditor

Insight queries are interactive, allowing you to change query options and update results without having to open a new window each time. You can:

  • Run insight queries manually

  • Run insight queries on a schedule and automatically have the results emailed to specified users

  • Download and import insight queries

  • Download results of the queries

  • Create custom metrics using a query to populate the SQL statement and the metric columns fields

For more information about scheduling insight queries, see Section 12.7, Creating Collection Schedule for Insight Queries. For more information about custom metrics, see Creating Custom Metrics. For more information about exporting and importing procedures and recommended order of import, see Section 30.0, Exporting and Importing.

To create Insight Queries:

  1. Log in as a Customer, Data, or Governance Insights Administrator or Auditor.

  2. Select Catalog > Governance Insights.

  3. Select the + icon to create a query.

  4. Type name and description.

  5. (Optional) Specify one or more owners. If you do not specify an owner, you will be assigned as the owner.

  6. Specify the desired search criteria. The criteria includes a set of entity types, cross references, and additional filters that can be used to filter the result set based on specific entity type.

    1. Select an entity type. For example, for queries related to fulfillment requests, select Change Requests. For queries related to identities, select Identities.

    2. (Optional) Add a cross-reference filter. Cross-reference filters are relationships between the selected entity type being searched and other entities in the system. You can limit the query based on the specified filter using the with option or use with or without option to expand the search. For example, if you are searching for identities and want to only find all identities that are included as members of business roles, then add with Business Role Inclusion as a cross-reference filter. If you want to find users who might or might not have violated a Separation of Duty policy, then add with or without Violating SoD cross-reference filter. For a detailed list of cross-reference filters, see the Identity Governance Insight Query Technical Reference.

    3. (Optional) Select the filter icon to add attribute conditions and sub-expressions using the expression builder. For example, if you are searching for identities with a specific Title attribute, then add a condition specifying Title equal to the desired value, such as Reviewer.

      NOTE:When searching for attribute values to include as search criteria, you can use the typeahead feature to select a value from the current catalog that matches your criteria, or type a partial string and press Enter. For information about supported wildcards, see Section 12.5.1, Supported Wildcards and Handling Wildcards as Literal Characters.

  7. Select the columns (attributes) to include in the results. The column order for the results matches the order you specify, and you can drag and drop the listed columns to change the order of display.

    Default columns display automatically in the selected column list when changing the searched entity type or when adding a cross-reference filter. Columns associated with a cross-reference filter are also automatically removed from the selected column list when you remove the reference filter.

  8. Select the Save icon to save the query.

  9. (Conditional) When querying large data, download the results instead of running the query to optimize performance and avoid the query from timing out and displaying an error even though the query ran successfully in the background.

    To download results, right-click on the Download icon and select Download query collection results and specify start and end date. Download again when you change the query options.

  10. Alternately, click the Download icon and select Run query and download results.

  11. (Optional) On the Query Results section, select collection date to see previous results or to run the query again.

  12. (Optional) Schedule insight query collection runs.

  13. (Optional) Select one or more queries, then select Actions > Delete Queries.

    NOTE:You cannot delete queries that are scheduled to run. Disable the collection schedule before attempting to delete the query. We also recommend that you download insight query before deleting it in case you need to use it in the future.

Regarding results, if you include columns that contain multi-valued attributes, the query results contain multiple rows for those columns.

OpenText Identity Governance combines duplicate rows in the query results lists to avoid showing many rows with same value. For example, a query of identities on the Title attribute lists only one row for each title in your catalog, even though multiple identities might share the same title. In Oracle environments, the following object types and attributes do show multiple rows in the query results if you select any of them as a column:

  • User: Geo Location

  • Access Request Item: Change Item Comment

  • Change Item Action: Item Comment