2.5.3 Reports and Using Entities
- Yuriy Ostrovskiy (Deactivated)
- Horst Fuhrmann
In this section you will learn about entities in ACDI reports, what they mean, how to create reports with entities, as well as how to manage entity filters and display attributes of secondary entities in final reports.
If you need a report that will display values for different objects linked with each other by an attribute like groups and its members, roles and users, role requests, approvers, requester, request, target user, etc., you must add a secondary entity or entities to a report.
Let's create a report that will show you data about all roles assigned to a user. This report will be created based on data from the snapshot. In ACDI there is a default Users Report which has only one entity, namely, a user from snapshot.
There are also some filters for this user, and the report displays a list of attributes in the Result Table.
Here is what you need to do: first, create a secondary entity—Role—and link it with the existing one. For this, go to Report Editor, choose a report that you want to use as a template,
click “Save as” and give it a new name. Now save.
Your custom report will appear on the reports list.
You may want to update some tags to use them later for placing the report in an appropriate submenu.
Let’s go back to an entity. Here you see that the base entity snapshot has a query “objectClass:inetOrgPerson.” This means that this entity will display information only about users from a snapshot.
Indices with the prefix report contain data from snapshots.
Okay, let's copy this entity and update the copy with customized properties.
Let’s change the query. You know that roles have the class “nrfRole.”
The entry in the “DateTime” field remains the same as for the copied entity, as do the entries in the “Entity Index” and “Entity primary key” fields.
The next step is to create a link between the two entities.
Roles are linked to users via different attributes. “nrfassignedroles” is an attribute that shows direct role assignments.
And the “nrfmemberof” attribute contains DN of roles assigned via different ways even using a nested child role assignment. Let's use the “nrfmemberof” attribute.
As you can see here, it contains a strict DN.
This means that for the entity “Role” you need to use DN for the “Source Attribute.”
Here “term” must be selected because it's a strict DN.
OK, you don't need any post-processing and want to link the “Role” to an entity “Snapshot.”
Snapshot’s attribute is “nrfMemberOf.”
One user may have many memberships as you can see in this example.
So, you linked entities from one side and now let's do it from the side of the primary entity.
The ”Source Attribute” here is “nrfMemberOf.” “Destination Entity name” – Role, “Destination Attribute” - DN.
Select here “many” to “one.” Let's save the settings.
It’s time to add a few filters for a role. Let’s assume you will want to filter by “CN.”
Then the filter’s name here will be “Role CN” and “role” will be selected for “Entity.”
Save everything. Okay, let's check this report.
Go to Reports and then to Custom Reports, which shows all reports with the tag “custom.” You can see your report here. Let's click “Load.”
OK, the report shows that in the last snapshot, there are 216 roles and 647 users.
Let’s use a filter and check users who are members of the “reportAdmin” role.
According to the data displayed, this role is assigned to twelve users. Let’s run the report.
Now you see all users and their information. You will probably want to display information about the roles themselves. Let's then add additional data to the “Role” entity.
Go to the “Result Table attributes” where you can remove user attributes you don't want to be displayed and add a new field for entity “Role.”
First of all, we need to create a field for the entity itself. You need to enable “Use attribute for entity object”, assign the entity, and give it a custom name. Let’s use “Role info” for the “Alias name for the attribute.” For now, there will be no changes here.
To get additional attributes for secondary entities, you need to create more attribute fields with this switcher turned off.
And now here you set the attributes you want to be displayed in the final report.
Add “nrfLocalizedNames”
And also “nrfLocalizedDescrs.” Entry here “Role Description” and change this entry to “Role Name.” Let's save the changes and check the report again. Refresh the page.
After a role is selected, you see that there are five users and the additional column with role info.
The roles have long descriptions and names with all localizations available. This info can be handled with the help of postprocessing. Let’s create a postprocessing function to enable the postprocessing.
Let's give it a name “getLocEng.” Here you have a ready-to-use function that will do the postprocessing for you. Now save the changes in your report and implement them to attributes you want to be processed by this function.
Go to the attribute, select the function name, and enable postprocessing.
You need to do it for the “nrfLocalizedNames” and “nrfLocalizedDescrs” attributes.
Now let’s check roles for a test user.
This user does have roles, so let’s run the report.
You see all the information about the role in a comprehensible way.
What can be done to make this report a bit more user-friendly? The first thing that you can do is to make this column a bit wider. For this, you need to go to the “Entity” attribute and set the column width to 600. OK, now it's wider.
The second thing is to switch the view to a flat format. This means that each role will have a separate row in the result table. Let's enable flat format with this switcher and run the report again.
So you can see here that the table has a flat view - a row per role and columns for each secondary entity are displayed.
But what can you do if entities are linked with some attributes that are located inside a CSV string or inside XML or JSON? Let`s see.
“nrfAssignedRoles” or the direct role assignment. You see here that the user object contains an attribute with value in CSV format and the DN of the role is the first part of this string and is separated with the “#” symbol. So, somehow you need to parse this DN from on one hand, and on another hand, you need to set it as a regular expression. What can be done in this case?
You can use “regex” functionality and postprocessing!
Let's go back to postprocessing. In this video functions prepared beforehand will be used to transform the strings.
The first one will be named “relation_role_fix_to” and with this function, you will get the first substring from this string separated by a hash.
The second function will be named “relation_role_fix_ from” and it will create a regular expression that will allow you to find the value you need. Let’s save everything and go back to entities.
From the snapshot side, you will need to use “term” because you will have DN in a user and it will relate to “relation_role_fix_to.”
Let's enable transformation and link the secondary entity by exact datetime.
From the role side, you’ll need to update this linkage to “regex” - regular expression - and switch to “relation_role_fix_ from.”
Make sure you don't forget to enable transformation.
You must also change the name of the attribute because previously you used “nrfMemberOf” and now you will be using “nrfassignedroles.”
The same values must be set in two entities.
Okay, let's save the changes and check the results. Refresh the page and run the report. Here are the results.
Here are the results.
You can learn more about the options and possibilities of ACDI Reporting in SKyPRO Academy. Thank you for your attention and take care.
Should you have any questions or require any assistance, please do not hesitate to contact us at any time swsupport.skypro@skypro.ch