Previous Topic: Create a Snapshot DefinitionNext Topic: Snapshot Parameter XML File Syntax—Limit Report Snapshot


Limit the Scope of the Report Snapshot

When CA ControlMinder Enterprise Management captures a report snapshot, it collects data from snapshots of CA ControlMinder and UNAB endpoints, SAM data from CA ControlMinder Enterprise Management, and data from the user store. After CA ControlMinder Enterprise Management collects the report data, it stores the data in the central database.

The snapshot parameter XML file specifies the report data that CA ControlMinder Enterprise Management collects. You can limit the scope of the report snapshot by customizing the snapshot parameter XML file.

For example, if you use Active Directory as your user store, CA ControlMinder Enterprise Management collects data for every Active Directory user when it captures a report snapshot. This operation may take a long time to complete. To decrease the time it takes to capture a snapshot, you can limit the scope of the Active Directory snapshot by customizing the snapshot parameter XML file.

To limit the scope of the report snapshot

  1. Navigate to the following directory, where JBOSS_HOME is the directory where you installed JBoss:
    JBOSS_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/
    config/imrexport/sample
    
  2. Copy the sample xml file that is most suitable for your use case. Rename the new file, and save the file in the same directory.

    You have created a new snapshot parameter XML file.

  3. Open the new snapshot parameter XML file in an editable form.
  4. Edit the entries in the <!--IM COLLECTORS--> section to specify the scope of the data that CA ControlMinder Enterprise Management collects from the user store.
  5. Comment out (!-- ) and ( --) the entries in the <!--PUPM COLLECTORS--> section that correspond to the CA ControlMinder Enterprise Management components that you do not want to include in the report snapshot.
  6. (Optional) Limit the scope of the Active Directory snapshot:
    1. Review the How the LDAP Queries Limit the Report Snapshot and the LDAP Syntax Considerations topics.

      The information in these topics helps you define the correct LDAP queries in the following steps.

    2. Locate the following element in the <!--PUPM COLLECTORS--> section:
      <export object="com.ca.ppm.export.ADUsersCollector">
      </export>
      

      This element specifies the Active Directory user data that is included in the snapshot.

    3. Edit the element so it appears as follows, where ldap_query specifies an LDAP query that defines the users for which data is collected:
      <export object="com.ca.ppm.export.ADUsersCollector">
      	<where attr="%USER" satisfy="ANY">
      		<value op="EQUALS">(ldap_query)</value>
      	</where>
      </export>
      
    4. Locate the following element in the <!--PUPM COLLECTORS--> section:
      <export object="com.ca.ppm.export.ADGroupsCollector">
      </export>
      
    5. Edit the element so it appears as follows, where ldap_query specifies an LDAP query that defines the groups for which data is collected:
      <export object="com.ca.ppm.export.ADGroupsCollector">
      	<where attr="%USER" satisfy="ANY">
      		<value op="EQUALS">(ldap_query)</value>
      	</where>
      </export>
      

      You have limited the scope of the Active Directory snapshot.

  7. Save and close the new snapshot parameter XML file.
  8. Modify the snapshot definition in CA ControlMinder Enterprise Management to use the new snapshot parameter XML file.

    When the capture snapshot task runs, it collects only the data that you specified in the snapshot parameter XML file.

Example: Limit the Scope of Report Snapshots to CA ControlMinder Endpoints

If you do not use SAM and UNAB, you can limit the scope of the report snapshot to collect data only from CA ControlMinder endpoints. To limit the scope of data collection to CA ControlMinder endpoints, you comment (!-- ) and ( --) all the entries under the <-- PUPM COLLECTORS --> section except for the ReportIdMarkerCollector entry.

The following is a snippet from a sample XML file after it was modified to comment all entries under the <-- PUPM COLLECTORS --> section, excluding the ReportIdMarkerCollector entry:

<!--  PUPM COLLECTORS -->
	<!-- export object="com.ca.ppm.export.AccountPasswordCollector">
	</export -->

	<!-- export object="com.ca.ppm.export.PPMRolesCollector">
		<exportattr attr="|rolemembers|" />
	</export -->

	<!-- export object="com.ca.ppm.export.
		PrivilegedAccountExceptionCollector">
	</export -->

	<!-- export object="com.ca.ppm.export.PPMPasswordPolicyCollector">
	</export -->

	<!-- export object="com.ca.ppm.export.ADUsersCollector">
	</export -->

	<export object="com.ca.ppm.export.PPMAccountUserAccessCollector">
	</export --!>

	<!-- export object="com.ca.ppm.export.ADGroupsCollector">
		<exportattr attr="|groupmembers|" />
	</export -->

	<export object="com.ca.ppm.export.ReportIdMarkerCollector">
	</export>