View and download the Permissions analytics report

This article describes how to view and download the Permissions analytics report in Permissions Management for AWS, Azure, and GPC authorization systems.

Note

The Permissions analytics report can be downloaded in Excel and PDF formats.

View the Permissions Analytics Report in the Permissions Management UI

You can view the Permissions Analytics Report information directly in the Permissions Management UI.

  1. In Permissions Management, select Reports in the navigation menu.

  2. Locate the Permissions Analytics Report in the list, then select it.

  3. View detailed report information from the list of categories that are displayed.

    Note

    Categories will vary depending on which Authorization System you are viewing.

  4. To view more detailed information into each category, select the drop-down arrow next to the category name.

Download the Permissions Analytics Report in Excel format

  1. From the Permissions Management home page, select the Reports tab, then select the Systems Reports subtab.

    The Systems Reports subtab displays a list of report names in the Reports table.

  2. Locate the Permissions Analytics Report in the list.

  3. To download the report in Excel format, click on the ellipses (...), the select Generate & Download.

    The Permissions Analytics Report screen is displayed.

  4. Click on Report Format and make sure that XLSX is selected.

  5. Click on Schedule and, if you want to download this report regularly, select the frequency for which you want it downloaded. You can also leave this at the default setting of None.

  6. Click on Authorization Systems and select which system you want to download the report for (AWS, Azure, or GCP).

    Note

    To download a report for all Authorization Systems, check the Collate box. This combines all selected Authorization Systems into one report.

  7. Click Save

    The following message displays: Report has been created.

    Once the Excel file is generated, the report is automatically sent to your email.

Download the Permissions Analytics Report in PDF format

  1. From the Permissions Management home page, select the Reports tab, then select the Systems Reports subtab.

    The Systems Reports subtab displays a list of reports names in the Reports table.

  2. Locate the Permissions Analytics Report in the list, then select it.

  3. Select which Authorization System you want to generate the PDF download for (AWS, Azure, or GCP).

    Note

    You can download a PDF report for up to 10 authorization systems at one time. The authorization systems must be part of the same cloud environment (for example, 1- 10 authorization systems that are all on Amazon Web Service (AWS)).

    The following message displays: Successfully started to generate PDF report.

    Once the PDF is generated, the report(s) is automatically sent to your email.

Terminology and definitions

This list of terms and definitions are here to assist you in understanding the different types of identities and their privileges while viewing analytics reports.

Term Definition
Granted permissions The number of permissions granted due to directly attached policies, policies inherited from a group, and policies attached to a role that are assumed by an identity.
High-risk permission Permissions that have the potential to cause data leakage, service disruption and degradation, or changes in security posture.
Identity An identity is a human identity (user) or workload identity. There are different names and types of workload identities for each cloud. AWS: Lambda function (serverless function), role, resource. Azure: Azure function (serverless function), service principal. GCP: Cloud function (serverless function), service account.
Inactive group Inactive groups have members who haven't used their granted permissions in the current environment (I.e. AWS Account)  in the last 90 days.  
Inactive identity Inactive identities haven't used their granted permissions in the current environment (i.e. AWS Account) the last 90 days.
Over-provisioned active identity Over-provisioned active identities aren't using all the permissions they've been granted in the current environment.
Permission A permission is an action an identity can perform on a resource.
Privilege escalation Identities with privilege escalation can increase the number of permissions they've been granted. They can do this to potentially acquire full administrative control of the AWS account or GCP project.
Super identity Super identities are granted permissions to all actions and resources in the current environment (i.e. AWS account).
Used permissions The number of permissions used by an identity in the last 90 days.

Next steps