Skip to main content

Access explorer queries

To query your access data, navigate to Explore > Search. On the Access explorer page you’ll find pre-built queries to help you explore and understand your organization’s access data so you can mitigate potential security risks. Here’s an overview of the available queries and the ways you can filter them to zoom in on the data that matters most to you.

Security dashboard

To help you quickly and easily track high-risk and sensitive access, the results of select access explorer queries are also summarized on the Security dashboard. Click a dashboard card to be directed to the query results page where you can view the data in more detail, filter the results (when filters are available), and create and download reports. To access the security dashboard, navigate to Explore > Analytics and click the Security tab. The security dashboard shows quick summaries of the following categories:
  • Orphaned accounts - All accounts for all applications with either no account owner or a deactivated user set as the account owner.
  • High-risk accounts - Accounts granted at least one entitlement designated high risk.
  • Inactive accounts (past 30 days) - Accounts with no activity for the past month.
  • High-risk role grants (permanent) - All users granted a role designated high risk with no expiration on the grant.
  • Standing privileges - Users with non-expiring grants to entitlements whose risk level is set to High or Critical.
  • High-risk role grants (temporary) - All users granted a role designated high risk with a time limit on the grant.