Role-based access control (RBAC) reports provide information about role level authorizations, object level authorizations, assigned roles for users, and audit trails for changes to system objects.
RBAC reports and the RBAC folder in the model are visible to users assigned to any role. However, the associated data is visible only to users assigned to the GlobalReportAdmins, GlobalReportViewers, and RBACAdmins roles.
When applying filters on authorizations in these reports, if you specify an authorization that ends with an asterisk, such as ACLPushJob.*, the filter results include only the specific authorization, not the full family of authorizations. For example, if you specify ACLPushJob.* in the Authorization filter , only results for ACLPushJob.* authorizations are included in the results, not authorizations such as ACLPushJob.Execute.
The following table summarizes the built-in RBAC reports. For information about running these reports, see Running out-of-the-box reports.
Built-in RBAC reports
Displays the latest role assigned to a user, total number of roles, and roles assigned to each user
Role Authorization Summary
Lists the number of servers, jobs, templates, groups, BLPackages, commands, and configuration files that the role is authorized to view. It also lists the detailed authorizations for the role. Authorizations are grouped by authorization methods. An authorization can be assigned through an ACL policy, directly, or an authorization profile.
Provides the object-level authorizations by object type. This report also shows information about object types for a selected role.
Authorizations are grouped by authorization methods. An authorization can be assigned through an ACL policy, directly, or an authorization profile.
The following object types are supported:
This report uses the following reports and you can run these reports individually:
Detailed Audit Trail
Provides the audit trails for the changes related to authorizations that happened to the system objects over a selected time period