System information
Identity Manager Administration Guide
Page 96 Identity Manager 7.1 Update 1 • Release Notes
Chapter 8, Task Templates
• The following information should be added to this chapter, in the Configuring the Audit
Tab section: (ID-16797)
The Audited Attribute Report can report attribute-level changes to Identity Manager users
and accounts. However, standard audit logging does not generate enough audit log data to
support a full query expression.
Standard audit logging does write the changed attributes to the
acctAttrChanges
field in
the audit log, but the changed attributes are written in a way that the report query can only
match records based on the changed attribute’s name. The report query cannot accurately
match the attribute's value.
You can configure this report to match records containing changes to the attribute
lastname
, by specifying the following parameters:
Attribute Name = 'acctAttrChanges'
Condition = 'contains'
Value = 'lastname'
It is also possible to capture only those audit records that have a specific attribute with a
specific value, but some additional configuration is required. Use the following
instructions:
a. Open and log in to the Identity Manager Administrator interface:
http://
server-name:port
/idm
b. Select the Server Tasks tab.
c. Select the Configure Tasks tab.
d. Click the Update User Template task (for example).
e. Select the Audit tab.
You should see Audit Controls for the selected task, which performs auditing when a
user update occurs.
f. Select the Audit entire workflow box to activate the workflow auditing feature.
NOTE Using
Condition='contains'
is necessary because of the way data is stored
in the
acctAttrChanges
field. This field is not multi-valued. Essentially, it is
a data structure that contains the
before
/
after
values of all changed
attributes in the form
attrname=value
. Consequently, the preceding
settings allow the report query to match any instances of
lastname=
xxx.