IdM 8.0 Role Change log

Hi all,

We recently had two business roles deleted from IdM 8.0 which caused a catastrophic loss of access throughout our landscape. How can I find out the root cause of who/what deleted the business roles?

Many Thanks,

Stu

3 Answers

  • Mar 01 at 05:20 AM

    Hi Stu,

    You can try the MXUV_ALL_OENTRIES or MXUV_OENTRIES views in the DB.

    Regards,

    Jay

  • Mar 01 at 12:02 PM

    Hi Stu,

    Please check in the idmv_ovalue_basic_all view as below.

    SELECT *
    FROM idmv_ovalue_basic_all
    WHERE mskey IN (
        SELECT DISTINCT mskey
        FROM idmv_ovalue_basic_all
        WHERE attrname = 'MSKEYVALUE'
          AND searchvalue = 'please provide the role mskeyvalue here inside quotes'
    )

    Based on the user id column, you can identify how the entry has been deleted.

    For more information, please check the link below:

    https://help.sap.com/viewer/4773a9ae1296411a9d5c24873a8d418c/8.0/en-US/05afe40aba4e4c22accc17ac30d88148.html

    Regards,

    Deva

  • Mar 01 at 03:10 PM

    Hello Stu,

    Depending on whether you have a UI mask to delete business roles, you can also check the job log of that workflow for the specific day, take the auditid (the name of the deleted business role should be visible in the job log entry) and use it in the "Provisioning Audit" on the Admin-UI. The name of the deleted role will be visible here.

    If someone used the UI mask to delete the business role, the name of that person should be shown under the tab "Started by". If you only get strange letters and numbers (example from 7.2: #579:MODIFY;844505360;0), then it was deleted via a job or workflow and you need to dive into the database to get more info.

    I like to check the provisioning audit first if someone reports something strange, to see if I can find a username related to the case (account was deleted or something else).

    Regards,

    Steffi.
