Identity Governance provides the ability to query data interactively by using Insight Queries. You can query the catalog across entity types, such as finding all users that have access to a certain permission. You can also query compliance activity and other information such as finding all users who have outstanding revocations.
To access Insight Queries, you must have one of the following authorizations:
Customer, Global, Data, or Governance Insights Administrator
Auditor
Insight queries are interactive, allowing you to change query options and update results without having to open a new window each time. You can download queries and import them and you can also download results of the queries. You can also create custom metrics using a query to populate the SQL statement and the metric columns fields. For more information about custom metrics, see Creating Custom Metrics.
To create Insight Queries:
Log in as a Customer, Global, Data, or Governance Insights Administrator or Auditor.
Select Catalog > Governance Insights.
Select the + icon to create a query.
Specify the desired search criteria. The criteria includes a set of entity types, cross references, and additional filters that can be used to filter the result set based on specific entity type.
Select an entity type. For example, for queries related to fulfillment requests, select Change Requests. For queries related to identities, select Identities.
(Optional) Add a cross-reference filter. Cross-reference filters are relationships between the selected entity type being searched and other entities in the system. You can limit the query based on the specified filter using the with option or use with or without option to expand the search. For example, if you are searching for identities and want to only find all identities that are included as members of business roles, then add with Business Role Inclusion as a cross-reference filter. If you want to find users who might or might not have violated a Separation of Duty policy, then add with or without Violating SoD cross-reference filter. For a detailed list of cross-reference filters, see the Identity Governance Insight Query Technical Reference.
(Optional) Select the filter icon to add attribute conditions and sub-expressions using the expression builder. For example, if you are searching for identities with a specific Title attribute, then add a condition specifying Title equal to the desired value, such as Reviewer.
NOTE:When searching for attribute values to include as search criteria, you can use the typeahead feature to select a value from the current catalog that matches your criteria, or type a partial string and press Enter. For information about supported wildcards, see Section 11.4.1, Supported Wildcards and Handling Wildcards as Literal Characters.
Select the columns (attributes) to include in the results. The column order for the results matches the order you specify, and you can drag and drop the listed columns to change the order of display.
Default columns display automatically in the selected column list when changing the searched entity type or when adding a cross-reference filter. Columns associated with a cross-reference filter are also automatically removed from the selected column list when you remove the reference filter.
Select the Run icon to see query results. As you change the query options, select the Run icon to update the results.
Select the Save icon to save the query.
(Optional) Select Download as CSV to save the results.
Type the query name or a meaningful description.
Select Download.
Select the download icon on the top title bar to access the saved file and download the file.
(Optional) Delete the file after downloading.
NOTE:The downloaded files will be automatically deleted based on your default download retention day settings. For information about customizing download settings, see Section 3.9, Customizing Download Settings.
If you include columns that contain multi-valued attributes, the query results contain multiple rows for those columns.
Identity Governance combines duplicate rows in the query results lists to avoid showing many rows with same value. For example, a query of identities on the Title attribute lists only one row for each title in your catalog, even though multiple identities might share the same title. In Oracle environments, the following object types and attributes do show multiple rows in the query results if you select any of them as a column:
User: Geo Location
Access Request Item: Change Item Comment
Change Item Action: Item Comment