Built-in RBAC reports

Role-based access control (RBAC) reports provide information about role level authorizations, object level authorizations, assigned roles for users, and audit trails for changes to system objects.

RBAC reports and the RBAC folder in the model are visible to users assigned to any role. However, the associated data is visible only to users assigned to the GlobalReportAdmins, GlobalReportViewers, and RBACAdmins roles.

Note

When applying filters on authorizations in these reports, if you specify an authorization that ends with an asterisk, such as ACLPushJob.*, the filter results include only the specific authorization, not the full family of authorizations. For example, if you specify ACLPushJob.* in the Authorization filter , only results for ACLPushJob.* authorizations are included in the results, not authorizations such as ACLPushJob.Execute.

The following table summarizes the built-in RBAC reports. For information about running these reports, see Running built-in reports.

Built-in RBAC reports

Report/Description	Columns	Prompts
User Summary Displays the latest role assigned to a user, total number of roles, and roles assigned to each user	User Name No. of Roles: Drill down to Role Authorization Summary Role Name: Drill down to Role Authorization Summary	User
Role Authorization Summary Lists the number of servers, jobs, templates, groups, BLPackages, commands, and configuration files that the role is authorized to view. It also lists the detailed authorizations for the role. Authorizations are grouped by authorization methods. An authorization can be assigned through an ACL policy, directly, or an authorization profile.	Role Name Server Count: Drill down to Object Authorization Job Count: Drill down to Object Authorization Template Count: Drill down to Object Authorization Group Count: Drill down to Object Authorization BLPackage Count Command Count: Drill down to Object Authorization Config File Count: Drill down to Object Authorization Role Authorization Authorization Method	Role
Object Authorization Provides the object-level authorizations by object type. This report also shows information about object types for a selected role. Authorizations are grouped by authorization methods. An authorization can be assigned through an ACL policy, directly, or an authorization profile. The following object types are supported: Group Job Server Template Custom Command Config File BL Package and NSH Script	Role Name OS Name OS Release OS Version Server Name Object Type Object Name Object Authorization Authorization Method Command Display Name Template Name Group Type Group Name Job Type Job Name Config File Name	Role Object Type Object
Detailed Audit Trail Provides the audit trails for the changes related to authorizations that happened to the system objects over a selected time period	Log Date Role Name User Name Object Authorization Object Type Object Name Authorization Result Message	Date Range Role User Object Type

Built-in RBAC reports

Comments