View analytic information about active resources
The Analytics dashboard in Permissions Management collects detailed information, analyzes, reports on, and visualizes data about all identity types. System administrators can use the information to make informed decisions about granting permissions and reducing risk on unused permissions for:
- Users: Tracks assigned permissions and usage of various identities.
- Groups: Tracks assigned permissions and usage of the group and the group members.
- Active Resources: Tracks resources that identities have performed actions on (in the last 90 days).
- Active Tasks: Tracks active tasks (performed in the last 90 days).
- Access Keys: Tracks the permission usage of access keys for a given user.
- Serverless Functions: Tracks assigned permissions and usage of the serverless functions.
This article describes how to view usage analytics about active resources.
Create a query to view active resources
On the main Analytics dashboard, select Active Resources from the drop-down list at the top of the screen.
The dashboard only lists tasks that are active. The following components make up the Active Resources dashboard:
From the dropdowns, select:
- Authorization System Type: The authorization you want to use: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
- Authorization System: The List of accounts and Folders you want to include.
- Tasks Type: Select All tasks, High Risk Tasks or, for a list of tasks where users have deleted data, select Delete Tasks.
- Service Resource Type: The service resource type.
- Search: Enter criteria to find specific tasks.
Select Apply to display the criteria you've selected.
Select Reset Filter to discard your changes.
View the results of your query
The Active Resources table displays the results of your query:
- Resource Name: Provides the name of the task.
- To view details about the task, select the down arrow.
- Account: The name of the account.
- Resources Type: The type of resources used, for example, bucket or key.
- Tasks: Displays the number of Granted and Executed tasks.
- Number of Users: The number of users with access and accessed.
- Select the ellipses (...) and select Tags to add a tag.
Add a tag to an active resource
- Select the ellipses (...) and select Tags.
- From the Select a Tag dropdown, select a tag.
- To create a custom tag select New Custom Tag, add a tag name, and then select Create.
- In the Value (Optional) box, enter a value.
- Select the ellipses (...) to select Advanced Save options, and then select Save.
- To add the tag to the serverless function, select Add Tag.
Apply filters to your query
There are many filter options within the Active Resources screen, including filters by Authorization System, filters by User and filters by Task. Filters can be applied in one, two, or all three categories depending on the type of information you're looking for.
Apply filters by authorization system
From the Authorization System Type dropdown, select the authorization system you want to use: AWS, Azure, or GCP.
Select Apply to run your query and display the information you selected.
Select Reset Filter to discard your changes.
Apply filters by authorization system type
From the Authorization System Type dropdown, select the authorization system you want to use: AWS, Azure, or GCP.
From the Authorization System dropdown, select from a List of accounts and Folders.
Select Apply to run your query and display the information you selected.
Select Reset Filter to discard your changes.
Apply filters by task type
You can filter user details by type of user, user role, app, or service used, or by resource.
From the Authorization System Type dropdown, select the authorization system you want to use: AWS, Azure, or GCP.
From the Authorization System dropdown, select from a List of accounts and Folders.
From the Task Type, select the type of user: All, User, Role/App/Service a/c, or Resource.
Select Apply to run your query and display the information you selected.
Select Reset Filter to discard your changes.
Apply filters by service resource type
You can filter user details by type of user, user role, app, or service used, or by resource.
From the Authorization System Type dropdown, select the authorization system you want to use: AWS, Azure, or GCP.
From the Authorization System dropdown, select from a List of accounts and Folders.
From the Service Resource Type, select the type of service resource.
Select Apply to run your query and display the information you selected.
Select Reset Filter to discard your changes.
Export the results of your query
- To view a report of the results of your query as a comma-separated values (CSV) file, select Export, and then select CSV.
Next steps
- To track the permission usage of access keys for a given user, see View usage analytics about access keys.
- To track assigned permissions and usage of the serverless functions, see View usage analytics about serverless functions.