Previous Topic: Create a Snapshot Definition

Next Topic: Snapshot Parameter XML File Syntax—Limit Report Snapshot

Implementation GuideImplementing Enterprise ReportingHow to Set Up Reporting Service Server ComponentsCreate a Snapshot DefinitionLimit the Scope of the Report Snapshot

Limit the Scope of the Report Snapshot

When CA Access Control Enterprise Management captures a report snapshot, it collects data from snapshots of CA Access Control and UNAB endpoints, PUPM data from CA Access Control Enterprise Management, and data from the user store. After CA Access Control Enterprise Management collects the report data, it stores the data in the central database.

The snapshot parameter XML file specifies the report data that CA Access Control Enterprise Management collects. You can limit the scope of the report snapshot by customizing the snapshot parameter XML file.

For example, if you use Active Directory as your user store, CA Access Control Enterprise Management collects data for every Active Directory user when it captures a report snapshot. This operation may take a long time to complete. To decrease the time it takes to capture a snapshot, you can limit the scope of the Active Directory snapshot by customizing the snapshot parameter XML file.

To limit the scope of the report snapshot

  1. Navigate to the following directory, where JBOSS_HOME is the directory where you installed JBoss: 
    JBOSS_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/
config/imrexport/sample
  2. Copy the PPM_ALL.xml file, rename the new file, and save the file in the same directory.

    You have created a new snapshot parameter XML file.

  3. Open the new snapshot parameter XML file in an editable form.
  4. Edit the entries in the <!--IM COLLECTORS--> section to specify the scope of the data that CA Access Control Enterprise Management collects from the user store.
  5. Comment out (!-- ) and ( --) the entries in the <!--PUPM COLLECTORS--> section that correspond to the CA Access Control Enterprise Management components that you do not want to include in the report snapshot.
  6. (Optional) Limit the scope of the Active Directory snapshot:
    1. Review the How the LDAP Queries Limit the Report Snapshot and the LDAP Syntax Considerations topics.

      The information in these topics helps you define the correct LDAP queries in the following steps.

    2. Locate the following element in the <!--PUPM COLLECTORS--> section: 
      <export object="com.ca.ppm.export.ADUsersCollector">
</export>

      This element specifies the Active Directory user data that is included in the snapshot.

    3. Edit the element so it appears as follows, where ldap_query specifies an LDAP query that defines the users for which data is collected: 
      <export object="com.ca.ppm.export.ADUsersCollector">
	<where attr="%USER" satisfy="ANY">
		<value op="EQUALS">(ldap_query)</value>
	</where>
</export>
    4. Locate the following element in the <!--PUPM COLLECTORS--> section: 
      <export object="com.ca.ppm.export.ADGroupsCollector">
</export>
    5. Edit the element so it appears as follows, where ldap_query specifies an LDAP query that defines the groups for which data is collected: 
      <export object="com.ca.ppm.export.ADGroupsCollector">
	<where attr="%USER" satisfy="ANY">
		<value op="EQUALS">(ldap_query)</value>
	</where>
</export>

      You have limited the scope of the Active Directory snapshot.

  7. Save and close the new snapshot parameter XML file.
  8. Modify the snapshot definition in CA Access Control Enterprise Management to use the new snapshot parameter XML file.

    When the capture snapshot task runs, it collects only the data that you specified in the snapshot parameter XML file.

Example: Limit the Scope of Report Snapshots to CA Access Control Endpoints

If you do not use PUPM and UNAB, you can limit the scope of the report snapshot to collect data only from CA Access Control endpoints. To limit the scope of data collection to CA Access Control endpoints, you comment (!-- ) and ( --) all the entries under the <-- PUPM COLLECTORS --> section except for the ReportIdMarkerCollector entry.

The following is a snippet from the PPM_ALL.xml file after it was modified to comment all entries under the <-- PUPM COLLECTORS --> section, excluding the ReportIdMarkerCollector entry:

<!--  PUPM COLLECTORS -->
	<!-- export object="com.ca.ppm.export.AccountPasswordCollector">
	</export -->

	<!-- export object="com.ca.ppm.export.PPMRolesCollector">
		<exportattr attr="|rolemembers|" />
	</export -->

	<!-- export object="com.ca.ppm.export.
		PrivilegedAccountExceptionCollector">
	</export -->

	<!-- export object="com.ca.ppm.export.PPMPasswordPolicyCollector">
	</export -->

	<!-- export object="com.ca.ppm.export.ADUsersCollector">
	</export -->

	<export object="com.ca.ppm.export.PPMAccountUserAccessCollector">
	</export --!>

	<!-- export object="com.ca.ppm.export.ADGroupsCollector">
		<exportattr attr="|groupmembers|" />
	</export -->

	<export object="com.ca.ppm.export.ReportIdMarkerCollector">
	</export>