Manualshelf

System information

ManualsBrandsRed Hat ManualsComputer equipmentDIRECTORY SERVER 7.1 - GATEWAY CUSTOMIZATION
919293949596979899100
Identity Manager Administration Guide
Part Number 820-2952-10 Page 97
g. Click the Add Attribute button (located in the Audit Attributes section) to select the
attributes you want to record for reporting purposes.
h. When the Select an attribute menu displays in the Audit Attributes table, select an
attribute from the list. (For example: Select
user.global.email
from the drop-down
menu).
i. Click Save.
j. You must now enable the configuration as follows:
I. Select Server Tasks > Configure Tasks.
II. Click the Update User Template’s Enable button.
III. Do not change the default value in the Select Process Types list.
Performing this step actually causes the workflow engine to emit the necessary
logging information.
IV. Click Save again.
The workflow can now provide audit records that are suitable for matching both the
attribute name and the value. Although turning on this level of auditing provides much
more information, be aware that there is a significant performance cost and your
workflows will run slower.
Chapter 11, Identity Auditing
The following information has been added to this chapter:
Continuous Compliance
The information in this section currently states that any provisioning operations performed on a
user will cause user- and organization-assigned policies to be evaluated. This information should
be corrected to read as follows: (ID-17416)
Continuous compliance means that an audit policy is applied to all provisioning operations, such that
an account cannot be modified in a way that does not comply with current policy.
You enable continuous compliance by assigning an audit policy to an organization, a user, or both.
Any provisioning operations performed on a user will cause the user-assigned policies to be
evaluated. Any resulting policy failure will interrupt the provisioning operation.
Resolving Auditor Capabilities Limitations
By default, capabilities needed to perform auditing tasks are contained in the Top organization
(object group). As a result, only those administrators who control Top can assign these capabilities
to other administrators.