Identity Governance provides several ways to find the information in your catalog. All catalog tables support a quick lookup of items by name or description. Some catalog tables also support an advanced filtering capability where users can build complex expressions based on searchable attributes. These complex expressions allow users to add attribute conditions to the search criteria or to add sub-expressions, known as filters, which can contain attribute conditions as well as other filters to refine the search results. Users can also save these filters for future searches. Both the quick lookup and filter expressions search are limited to a specific table. Insight Queries provide flexibility in searching for entities in your system, including searching across entity relationships.
Identity Governance supports the following wildcards in searches and advanced filtering:
Underscore (_) for single characters
Asterisk (*) and Percent (%) for multiple characters such as any sequence of zero or more characters
NOTE:The behavior of the wildcards differs based on the type of database and location of the search field or advanced filter. For example, PostgreSQL does not support wild cards for equal operations, but it does support wild cards for like operations.These wildcards are not supported in typeahead controls.
Table 11-1 Examples of Valid Wildcards for Advanced Filters and Insight Queries
|
Type |
To Find |
|---|---|
|
% |
All results |
|
* |
All results |
|
an% |
All results that contain “an” |
|
an* |
All results that contain “an” |
|
a_i |
All results that have an “a”, followed by any character, then an “i” |
You can also use other wildcards and expression capabilities supported by backend databases when searching Identity Governance entity tables. Identity Governance passes them in the search string to the databases. Refer to your database documentation for details about these additional wildcards and expressions.
When using these wildcards as literal characters, you must precede the special character with an escape (\) character in searches and advanced filtering when using the following operators:
contains
starts with
ends with
matches
Operators in advanced search values such as equal to or not equal to do not need to be preceded by an escape character.
Table 11-2 Examples of Special Character Usage in Search Strings
|
Type |
To find |
|---|---|
|
%Admin% |
Results that contain Admin, such as Administrative Assistant or Global Administrator. |
|
J_n |
Entities where the first character is J and the third character is n, such as Jane Smith or Brad Jones. |
|
Jo\%Doe |
Entities that match Jo%Doe, such as Jo% Doe or Jo%Doe Admin. |
|
Acct\_AD |
Entities that match Acct_AD, such as Acct_AD_01 or Acct_AD Admin. |
You can search for specific items in the catalog by selecting the type of item under Catalog, such as Users or Groups. Then type your search criteria in the search box, and select the search icon.
Identity Governance attempts to complete your search entry as you type. To ensure that users can more easily find a group, always include a description of the group that matches what users might use as a search term. For example, "Finance Team" for your financial group.
You can add additional criteria to the search by clicking the filter icon, where available, and using the expression builder. The expression builder gives you the ability to use AND, OR, and NOT expressions with the additional search criteria. You can save and reuse filters that you have defined.
The application or owner control provides a type-ahead feature to select applications or users in the system. Searching for applications, groups, or users requires selecting the catalog item.
HINT:You can configure the application wait time in milliseconds after the last time you press a key and before the application performs a typeahead search by selecting Configuration > General Settings > Typeahead Delay.
The attributes that appear in the refinement list are fixed for Technical Roles. However, you can configure them for other catalog items.
To add or remove user attributes from the refinement list:
Select Data Administration and then select the type of catalog item, such as Identity Attributes.
Select an attribute to edit the attribute definition.
Select the desired searchable option for the attribute to have it displayed in the catalog or not:
Select this option to enable the attribute for quick searches. If the option is selected, the attribute is available in the catalog list for searches. This means the search is performed against this column even if this column is not shown in the catalog list.
Select this option to enable the attribute for advanced searches.
Select this option if you want to display the attribute in review items. For more information, see Section 22.0, Running a Review Instance.
Select this option if you want to display the attribute when creating a business role membership expression. The membership expression contains the search criteria for membership in a business role. For more information, see Section 16.0, Creating and Managing Business Roles.
Select Save, then publish the changes to the catalog.
Where available in Identity Governance, you can add additional criteria to searches by clicking the filter icon and using the expression builder. The expression builder gives you the ability to use AND, OR, and NOT expressions with a set of attribute conditions or sub-expressions and filters that can be used to filter the result set based on specific values. The expression builder also calculates date based on the provided date formula.
If you have filters you want to reuse in your environment, Identity Governance helps you manage these filters. Except for Insight Queries, you can save these filters and edit or delete them as needed for searches, such as identities, permissions, roles, and policies.
After using the expression builder to add a filter to a search, name the filter and select Save.
The next time you select the filter icon, a menu allows you to select from several options.
Select Manage saved filters.
Here you can see all your saved filters, edit them, or delete them.
Select Save or Close.