
IdM 8.0 Role Change log

Mar 01 at 02:29 AM


Hi all,

We recently had two business roles deleted from IdM 8.0 which caused a catastrophic loss of access throughout our landscape. How can I find out the root cause of who/what deleted the business roles?

Many Thanks,

Stu


3 Answers

Jaya Kumar Mar 01 at 05:20 AM
1

Hi Stu,

You can try the MXUV_ALL_OENTRIES or MXUV_OENTRIES views in the DB.

Regards,

Jay

Deva Prakash B Mar 01 at 12:02 PM
1

Hi Stu,

Please check in the idmv_ovalue_basic_all view as below.

Select * from idmv_ovalue_basic_all where mskey in (select distinct mskey from idmv_ovalue_basic_all where attrname = 'MSKEYVALUE' and searchvalue = 'please provide the role mskeyvalue here inside quotes')

Based on the user id column, you can identify how the entry has been deleted.

For more information please check the below link

https://help.sap.com/viewer/4773a9ae1296411a9d5c24873a8d418c/8.0/en-US/05afe40aba4e4c22accc17ac30d88148.html

Regards,

Deva


deleted-role-3118.txt

Thanks for your input, Deva. I ran this query as you suggested and received the attached output. Column userID references a job ID, but not a user. Can this be used as a reference in another view to identify the user that initiated the job?

0

Hi Stuart,

If job id is mentioned, then via any non provisioning job the entry might have been deleted.

I believe we cannot identify who ran the job.

Regards,

Deva

0
Steffi Warnecke
Mar 01 at 03:10 PM
0

Hello Stu,

depending on if you have a UI mask to delete business roles, you can also check the job log of that workflow for the specific day, take the auditid (name of the deleted business role should be visible in the job log entry) and use it in the "Provisioning Audit" on the Admin-UI. The name of the deleted role will be visible here.

If someone used the UI mask to delete the business role, the name of that person should be shown under the tab "Started by". If you only get strange letters and numbers (example from 7.2: #579:MODIFY;844505360;0), then it was deleted via a job or workflow and you need to dive into the database to get more info.


I like to check the provisioning audit first if someone reports something strange, to see if I can find a username related to the case (account was deleted or something else).


Regards,

Steffi.
