Symantec Access Management


CA SSO: Query regarding audit

  • 1.  CA SSO: Query regarding audit

    Posted Oct 06, 2017 02:33 AM

    Hi,

     

    Report Server Connection and Audit Report Connection are not set up in my environment. But, I could see the audit details in 'View Submitted Tasks' and 'View My Submitted Tasks'. 

    1) From where are these details getting fetched?

    2) What are the tasks which will be audited? How to control/change this auditing?

     

    Thanks.

     

    Regards,

    Dhilip



  • 2.  Re: CA SSO: Query regarding audit

    Posted Oct 06, 2017 06:42 AM

    Hi Dhi1ip,

     

    Can you please send us a screenshot?

     

    Thanks,

    Shankar



  • 3.  Re: CA SSO: Query regarding audit

    Posted Oct 06, 2017 06:54 AM

    Hi Dhilip,

     

    View Submitted Task reports show information stored in the OBJECT12 table of WAMUI and are not related to the Audit store.

     

    The table OBJECT12 stores information about the tasks (any task, for example a user has logged in to the UI) created by the WAM UI.

     

    If you delete the information from the table OBJECT12 then the reports "View My Submitted Tasks" and "View Submitted Task" will be affected (Information for that specific time frame will be lost!).

    Refer:

    Table OBJECT12 grows with no limit in the Object Store
    https://support.ca.com/us/knowledge-base-articles.TEC487211.html

     

    Regards,

    Leo Joseph.



  • 4.  Re: CA SSO: Query regarding audit

    Posted Oct 06, 2017 08:39 AM

    Hi Leo Joseph,

     

    Thanks for your response.

     

    1) Could you please let me know how we can view the content of the object store (which is in derby folder)? It would be very helpful if you can share some article about the object store (configuration and use).

     

    2) May I know the name of the script which has been referred to in the article (which you have shared in your previous mail)?

     

    3) Will the cleanup of OBJECT12 table happen automatically (as I could find the details for only about 3 to 4 months)? If yes, what is the time period for this auto clean up?

     

    Regards,

    Dhilip



  • 5.  Re: CA SSO: Query regarding audit

    Posted Oct 06, 2017 09:05 AM

    Hi Dhilip,

     

    OBJECT12 & Object Store mentioned were from an older version of Siteminder Admin UI.

     

    In the newer version it is the "derby" folder located under

     

    <Install_location>\CA\siteminder\adminui\server\default\data\derby or <install_location>\CA\siteminder\adminui\standalone\data\derby

     

    Refer : https://support.ca.com/us/knowledge-base-articles.TEC1544737.html

     

    What info is contained in the derby folder under the adminui install path?

     

    It contains IAM security permissions (login to AdminUI, create, read and delete object, etc.).

    When you update some object in AdminUI, IAM reads these permissions in derby first.

    If the user who updates some objects is granted this task, he can update some objects in the Policy Store.

    And the size of the dat files under the derby folder increases, or new dat files are created.

     

    Regards,

    Leo Joseph.



  • 6.  Re: CA SSO: Query regarding audit

    Posted Oct 06, 2017 09:58 AM

    Hi Leo Joseph,

     

    Thanks for your response.

     

    1) Could you please let me know if there is a way/tool to view the content which is stored in .dat format (in derby folder)?

     

    2) From your previous mail, I understood that Task Persistence database is used to track tasks performed from AdminUI. Similarly, what is the use of Object Store database (which is in derby folder)?

     

    3) In new version, is it possible to use only derby as object store and task persistence db?

     

    Regards,

    Dhilip



  • 7.  Re: CA SSO: Query regarding audit

    Posted Oct 09, 2017 01:34 AM

    Hi all,

     

    Could you please provide your response for the above queries?

    Thanks.

     

    Regards,

    Dhilip



  • 8.  Re: CA SSO: Query regarding audit

    Posted Oct 09, 2017 02:42 AM

    Hi Dhilip,

     

    My answers inline:

     

    1) Could you please let me know if there is a way/tool to view the content which is stored in .dat format (in derby folder)?

    Ujwol => No, there are no tools to view the derby database. This is internal to Admin UI framework.

     

    2) From your previous mail, I understood that Task Persistence database is used to track tasks performed from AdminUI. Similarly, what is the use of Object Store database (which is in derby folder)?

    Ujwol => Correct. It is derby as well.

     

    3) In new version, is it possible to use only derby as object store and task persistence db?

    Ujwol => No, it is not possible to choose different database types for object store and task persistence db.

     

    Going back to your original question now, you said:

    "Report Server Connection and Audit Report Connection are not set up in my environment

    But, I could see the audit details in 'View Submitted Tasks' and 'View My Submitted Tasks'. "

     

    Ujwol => Can you share a screenshot for this? I doubt this is related to any of those two connections you mentioned.

     

     

     

     



  • 9.  Re: CA SSO: Query regarding audit

    Posted Oct 09, 2017 03:18 AM

    Hi Ujwol,

     

    Thanks for your response.

     

    Regarding your feedback for the second point, basically I would like to know the purpose/use case of Object Store database. 

     

    Regarding third point, please confirm if my understanding is correct. The database type of object store and task persistence should be same and the only allowed database type is derby.

     

    Regarding initial question, PFB the requested screenshot.

     

    Thanks.

     

    Regards,

    Dhilip



  • 10.  Re: CA SSO: Query regarding audit

    Posted Oct 11, 2017 01:13 AM

    Hi Ujwol,

     

    Could you please provide your response for the above queries?

    Thanks.

     

    Regards,

    Dhilip



  • 11.  Re: CA SSO: Query regarding audit
    Best Answer

    Posted Oct 11, 2017 01:24 AM

    My comments inline.

     

    Dhilip - "Regarding your feedback for the second point, basically I would like to know the purpose/use case of Object Store database. "

     

    Ujwol -> This is internal to IAM framework which is used by Administrative UI. I believe this is used to store the admin roles/permission etc. 

     

    Dhilip - "Regarding third point, please confirm if my understanding is correct. The database type of object store and task persistence should be same and the only allowed database type is derby."

     

    Ujwol => In the older version of Admin UI (r12.0Sp1 and earlier), there used to be an option to configure an external database for object store/task persistence db. However, in the newer version, that option is no longer there.

    Now, everything is stored in the internal derby db:

     

    Dhilip - "Regarding initial question, PFB the requested screenshot."

     

    Ujwol => This is NOT coming from siteminder audit/report database.

    This information is coming from the AdminUI internal task persistence database, where it keeps track of various actions performed on the UI.



  • 12.  Re: CA SSO: Query regarding audit

    Posted Oct 11, 2017 02:03 AM

    Hi Ujwol,

     

    Thanks for the confirmation.

     

    Regards,

    Dhilip



  • 13.  Re: CA SSO: Query regarding audit

    Posted Oct 11, 2017 01:27 AM

    Table OBJECT12 grows with no limit in the Object Store

    This is an outdated KB. We no longer provide an option to configure an external db for object store/task persistence db.

    Hence, I have retired this KB effective immediately.