Reference timeslots

In essence the product takes snapshots of user entitlements. These snapshots, called timeslots, are created on a regular basis (for example once a week or once a month). This concept provides the opportunity to compare the information contained in different timeslots, monitor the changes or compute trends. Typically, trends use all previously collected timeslots. However, there can occur some side effects during the analysis of data when using all available timeslots. For example, lets assume that a manager would like to see a graph showing the number of defects per month when the snapshots are made on a weekly basis.

The objective of implementing reference timeslots is to dissociate the frequency of data loading from the frequency of data used for time-based analysis.
There are at least 2 usages:

• Event driven

Some snapshots may be more important than others because they contain the data used for a review or for the report generation for an audit. The other timeslots have no official meaning. They are used in a continuous data quality cleaning process or to check on a regular basis if the entitlements respects the security policy. In this use case, only the timeslots used for review or audit should be considered when computing differences with the current situation or when displaying trends.

• Continuous analysis

Even without specific events like audits or reviews, there is a need to follow trends and variations on a larger period. For example, if the data loading occurs once a week. We may consider selecting the first timeslot of each quarter to display a graph about the number of orphan accounts for the last 3 years.

As of version 2017 R3, a new concept has been added to a timeslot: the reference type. It works like a tag associated to the timeslot. Several timeslots can be changed to a reference timeslots. The reference type is any string (up to 32 characters). The type has no meaning for the Brainwave product. The meaning is customer specific. The Brainwave product consider that a timeslot is a reference timeslot if the type is not empty, whatever value it contains.

A workflow process must be used to set the reference type of a timeslot. A Javascript method has been added to the 'workflow' object.

Here is the documentation:

workflow.setReferenceTimeslot(timeslotUid, referenceType);

• timeslotUid is a timeslot identifier. This value can not be empty or null. The timeslot UID should always be given as a parameter even if the timeslot is the current.
• referenceType is timeslot reference type. This value is interpreted at application level. Any value can be set as long as it is less than 32 characters. The product does not interpret this value but checks if it is empty or null to know if the timeslot is a reference timeslot.

One can use a variable modification component that calls a Javascript function. Here is an example to set the workflow timeslot as a reference timeslot :

function setReviewTimeslot() {
      var /*String*/ wfTimeslot = workflow.timeslot;
      workflow.setReferenceTimeslot(wfTimeslot, 'review');
  }

The view editor adds a timeslotreference attribute in Account, Identity, Organisation, Asset, Application, Permission, Right, Usage, Group, Repository, SearchResult, ControlResult, ControlLog and ImportLog.

By adding this attribute in the main concept, the timeslot criteria is disabled so the filtering on the timeslotreference attribute returns all the concepts in all timeslot with a given reference type...

When using business view you can configure a relative timeslot that will be calculated according to the timeslot passed to the businessview (ex: +2, -3), this feature can be parameterized in the configuration of different components (view source, union, join,trend)

By default all timeslots are considered in the calculation of the relative timeslot.

To consider only reference timeslots you have to pass true to the boolean variable Use referenced timeslot.

Example

Bellow you will find a list of all collected timeslots and there type:

• The blue timeslots are reference timeslots
• The green timeslot is the one passed to the businessview
• The red timeslot is the current one

T1 --> T2 --> T3 --> T4 --> T5 --> T6 --> T7 --> T8 --> T9 --> T10 -->T11 --> T12 --> T13

When the option Use referenced timeslot is true then the calculation is performed as following:

When the option Use referenced timeslot is false then the calculation is performed as following:

When the option Use referenced timeslot is empty, the default setting, then if at least one reference timeslot is found in the ledger the behavior will be identical to sending true to Use referenced timeslot

As of version 2017 R3 SP4, a parameter has been added to the igrc_batch.[cmd|sh] command.

The updated command line is shown below:

./igrc_batch.[cmd|.sh] <project name> <config folder> <config name> [SIMULATE|FORCE] [<reference timeslot tag>]

The optional parameter reference timeslot tag is the tag that marks the timeslot as a reference timeslot.

As a reminder this tag must be less that 32 characters long.

The Brainwave product does not automatically make use of this information for the moment.

For example:

When specifying -1 for timeslot comparisons in trends (either in Pages or in Business views) will still use values from the previous timeslot whether it is a normal timeslot or a reference one.

Similarly, sparkline charts in Pages will always retrieve all timeslots.

However, historical charts in Mashup dashboards provide an option to select whether all timeslots or only the reference ones should be used to display the chart.

Future releases of the product will fully leverage reference timeslot information (eg. in trends, sparklines, calendars, etc.) and provide a management GUI for reference timeslots.