
IdM 8.0 Role Change log

former_member568550
Discoverer
0 Kudos

Hi all,

We recently had two business roles deleted from IdM 8.0 which caused a catastrophic loss of access throughout our landscape. How can I find out the root cause of who/what deleted the business roles?

Many Thanks,

Stu

Accepted Solutions (0)

Answers (3)

devaprakash_b
Active Contributor

Hi Stu,

Please check in the idmv_ovalue_basic_all view as below.

Select * from idmv_ovalue_basic_all where mskey in (select distinct mskey from idmv_ovalue_basic_all where attrname = 'MSKEYVALUE' and searchvalue = 'please provide the role mskeyvalue here inside quotes')

Based on the user id column, you can identify how the entry has been deleted.

For more information, please check the link below.

https://help.sap.com/viewer/4773a9ae1296411a9d5c24873a8d418c/8.0/en-US/05afe40aba4e4c22accc17ac30d88...

Regards,

Deva

former_member568550
Discoverer
0 Kudos

deleted-role-3118.txt

Thanks for your input, Deva. I ran this query as you suggested and received the attached output. Column userID references a job ID, but not a user. Can this be used as a reference in another view to identify the user that initiated the job?

devaprakash_b
Active Contributor
0 Kudos

Hi Stuart,

If a job id is mentioned, then the entry might have been deleted via any non-provisioning job.

I believe we cannot identify who ran the job.

Regards,

Deva

former_member198652
Active Participant

Hi Stu,

You can try the MXUV_ALL_OENTRIES or MXUV_OENTRIES views in the DB.

Regards,

Jay

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Stu,

Depending on whether you have a UI mask to delete business roles, you can also check the job log of that workflow for the specific day, take the auditid (the name of the deleted business role should be visible in the job log entry) and use it in the "Provisioning Audit" on the Admin-UI. The name of the deleted role will be visible here.

If someone used the UI mask to delete the business role, the name of that person should be shown under the tab "Started by". If you only get strange letters and numbers (example from 7.2: #579:MODIFY;844505360;0), then it was deleted via a job or workflow and you need to dive into the database to get more info.

I like to check the provisioning audit first if someone reports something strange, to see if I can find a username related to the case (account was deleted or something else).

Regards,

Steffi.