IBM Security Verify

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

myPersonMO = new PersonMO(platform,subject,new DistinguishedName(owner.get().dn))myServiceMO = new ServiceMO(platform,subject,new DistinguishedName(service.get().dn))myAccountMO = new AccountMO(platform,subject,new DistinguishedName(account.get().dn))myAccountMgr = new AccountManager(platform,subject);myAttrVals = myAccountMO.getData().getAttributes();activity.auditEvent("Account has following attributeValues : \n" + myAttrVals.toString());myCompliance = myAccountMgr.checkAccountCompliance(myPersonMO,myServiceMO,myAttrVals);activity.auditEvent("Account has following non-compliant attributeValues : \n" + myCompliance.requiredChangesToString(myAttrVals));​

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

myPersonMO = new PersonMO(platform,subject,new DistinguishedName(owner.get().dn))myServiceMO = new ServiceMO(platform,subject,new DistinguishedName(service.get().dn))myAccountMO = new AccountMO(platform,subject,new DistinguishedName(account.get().dn))myAccountMgr = new AccountManager(platform,subject);myAttrVals = myAccountMO.getData().getAttributes();activity.auditEvent("Account has following attributeValues : \n" + myAttrVals.toString());myCompliance = myAccountMgr.checkAccountCompliance(myPersonMO,myServiceMO,myAttrVals);activity.auditEvent("Account has following non-compliant attributeValues : \n" + myCompliance.requiredChangesToString(myAttrVals));​

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)

1. The first method is to run a provisioning policy review on the accounts you want to evaluate - this means that the persons must be member of one of more roles associated with a policy - in most cases you already have that - else it is very easy to build - you do not even need to save it - just a preview is the purpose. When the preview is performed the result is stored in the RDBMS - check the schema documentation here to find the relevant table : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/landing/dbschema_landing.html (I do not remember it out of my head - sorry). Next step is to export the data out of the table to something you can work with - use SDI/QMF or built-in tools - and when the export is done you can close the preview and the data will be cleaned from the table...
2. The second method is to perform an account validation using the ISIM Java APIs - this can be done workflow or from an external application e.g. SDI. I have performed that stunt in the operational workflow some time ago - I will have to dig up the relevant piece of code later - pleas let me come back to you on that....
3. While writing I actually got an idea on a third method - when you run a reconciliation (with policy evaluation performed) the PROCESSLOG table will actually contain a record of the evaluation - you can see that in the reconciliation request as "Noncompliant Accounts" under each "Enforce Compliance" entry. This is probably a little too complex as you will want to convert the embedded XML strings to something more workable (the format is not documented but is very generic and simple) - you can do this in SDI or using some very complex DB2 conversion to convert it to a rows in e.g. a new view (I hope I will be able to show how to do this some time - it is really nifty...)