on 03-01-2018 2:29 AM
Hi all,
We recently had two business roles deleted from IdM 8.0 which caused a catastrophic loss of access throughout our landscape. How can I find out the root cause of who/what deleted the business roles?
Many Thanks,
Stu
Hi Stu,
Please check in the idmv_ovalue_basic_all view as below.
Select * from idmv_ovalue_basic_all where mskey in (select distinct mskey from idmv_ovalue_basic_all where attrname = 'MSKEYVALUE' and searchvalue = 'please provide the role mskeyvalue here inside quotes')
Based on the user ID column, you can identify how the entry has been deleted.
For more information please check the below link
Regards,
Deva
Thanks for your input, Deva. I ran this query as you suggested and received the attached output. Column userID references a job ID, but not a user. Can this be used as a reference in another view to identify the user that initiated the job?
Hi Stu,
You can try the MXUV_ALL_OENTRIES or MXUV_OENTRIES views in the DB.
Regards,
Jay
Hello Stu,
Depending on whether you have a UI mask to delete business roles, you can also check the job log of that workflow for the specific day, take the auditid (the name of the deleted business role should be visible in the job log entry) and use it in the "Provisioning Audit" on the Admin-UI. The name of the deleted role will be visible here.
If someone used the UI mask to delete the business role, the name of that person should be shown under the tab "Started by". If you only get strange letters and numbers (example from 7.2: #579:MODIFY;844505360;0), then it was deleted via a job or workflow and you need to dive into the database to get more info.
I like to check the provisioning audit first if someone reports something strange, to see if I can find a username related to the case (account was deleted or something else).
Regards,
Steffi.