Symantec Access Management

Expand all | Collapse all

CA SSO: Query regarding audit

Jump to Best Answer
  • 1.  CA SSO: Query regarding audit

    Posted 10-06-2017 02:33 AM

    Hi,

     

    Report Server Connection and Audit Report Connection are not set up in my environment. But, I could see the audit details in 'View Submitted Tasks' and 'View My Submitted Tasks'. 

    1) From where these details are getting fetched?

    2) What are the tasks which will be audited? How to control/change this auditing?

     

    Thanks.

     

    Regards,

    Dhilip



  • 2.  Re: CA SSO: Query regarding audit

    Posted 10-06-2017 06:42 AM

    Hi   Dhi1ip,

     

    Can you please send us screen shot?

     

    Thanks,

    Shankar



  • 3.  Re: CA SSO: Query regarding audit

    Posted 10-06-2017 06:54 AM

    Hi Dhilip,

     

    View Submitted Task reports shows information stored in OBJECT12 table of WAMUI and not related to Audit store.

     

    The table OBJECT12 stores information about the tasks (any task for example user has logged in to UI) created by the WAM UI.

     

    If you delete the information from the table OBJECT12 then the reports "View My Submitted Tasks" and "View Submitted Task" will be affected (Information for that specific time frame will be lost!).

    Refer :


    Table OBJECT12 grows with no limit in the Object Store
    https://support.ca.com/us/knowledge-base-articles.TEC487211.html

     

    Regards,

    Leo Joseph.



  • 4.  Re: CA SSO: Query regarding audit

    Posted 10-06-2017 08:39 AM

    Hi Leo Joseph,

     

    Thanks for your response.

     

    1) Could you please let me know how we can view the content of the object store (which is in derby folder)? It would be very helpful if you can share some article about the object store (configuration and use).

     

    2) May I know the name of the script which has been referred in the article (which you have shared in your previous mail)?

     

    3) Will the cleanup of OBJECT12 table happen automatically(as I could find the details  for only about 3 to 4 months)? If yes, what is the time period for this auto clean up?

     

    Regards,

    Dhilip



  • 5.  Re: CA SSO: Query regarding audit

    Posted 10-06-2017 09:05 AM

    Hi Dhilip,

     

    OBJECT12 & Object Store mentioned were from Older version of Siteminder Admin UI.

     

    In the newer version it is "derby" folder located under

     

    <Install_location\CA\siteminder\adminui\server\default\data\derby or <install_location\CA\siteminder\adminui\standalone\data\derby

     

    Refer : https://support.ca.com/us/knowledge-base-articles.TEC1544737.html

     

    What info is contained derby folder under adminui install path ?

     

    It is contained about IAM security permissions. (login to AdminUI, create, read and delete object...etc)

    When you update some object in AdminUI, IAM read this permissions in derby at first.

    If user who update some objects is granted for this task, he can update some objects in Policy Store.

    And, the size dat files under derby folder are increased, or new dat files are created.

     

    Regards,

    Leo Joseph.



  • 6.  Re: CA SSO: Query regarding audit

    Posted 10-06-2017 09:58 AM

    Hi Leo Joseph,

     

    Thanks for your response.

     

    1) Could you please let me know if there a way/tool to view the content which is stored in .dat format (in derby folder)?

     

    2) From your previous mail, I understood that Task Persistence database is used to track tasks performed from AdminUI. Similarly, what is the use of Object Store database (which is in derby folder)?

     

    3) In new version, is it possible to use only derby as object store and task persistence db?

     

    Regards,

    Dhilip



  • 7.  Re: CA SSO: Query regarding audit

    Posted 10-09-2017 01:34 AM

    Hi all,

     

    Could you please provide your response for the above queries?

    Thanks.

     

    Regards,

    Dhilip



  • 8.  Re: CA SSO: Query regarding audit

    Posted 10-09-2017 02:42 AM

    Hi Dhilip,

     

    My answers inline :

     

    1) Could you please let me know if there a way/tool to view the content which is stored in .dat format (in derby folder)?

    Ujwol => No, there are no tools to view the derby database. This is internal to Admin UI framework.

     

    2) From your previous mail, I understood that Task Persistence database is used to track tasks performed from AdminUI. Similarly, what is the use of Object Store database (which is in derby folder)?

    Ujwol => Correct . It is derby as well.

     

    3) In new version, is it possible to use only derby as object store and task persistence db?

    Ujwol=> No it is not possible to choose different database types for object store and task persistence db.

     

    Going back to your original question now , you said :

    "Report Server Connection and Audit Report Connection are not set up in my environment

    But, I could see the audit details in 'View Submitted Tasks' and 'View My Submitted Tasks'. "

     

    Ujwol => Can you share screenshot for this ? I doubt this is related to any of those two connections you mentioned.

     

     

     

     



  • 9.  Re: CA SSO: Query regarding audit

    Posted 10-09-2017 03:18 AM

    Hi Ujwol,

     

    Thanks for your response.

     

    Regarding your feedback for the second point, basically I would like to know the purpose/use case of Object Store database. 

     

    Regarding third point, please confirm if my understanding is correct. The database type of object store and task persistence should be same and the only allowed database type is derby.

     

    Regarding initial question, PFB the requested screenshot.

     

    Thanks.

     

    Regards,

    Dhilip



  • 10.  Re: CA SSO: Query regarding audit

    Posted 10-11-2017 01:13 AM

    Hi Ujwol,

     

    Could you please provide your response for the above queries?

    Thanks.

     

    Regards,

    Dhilip



  • 11.  Re: CA SSO: Query regarding audit
    Best Answer

    Posted 10-11-2017 01:24 AM

    My comments inline.

     

    Dhilip - "Regarding your feedback for the second point, basically I would like to know the purpose/use case of Object Store database. "

     

    Ujwol -> This is internal to IAM framework which is used by Administrative UI. I believe this is used to store the admin roles/permission etc. 

     

    Dhilip - "Regarding third point, please confirm if my understanding is correct. The database type of object store and task persistence should be same and the only allowed database type is derby."

     

    Ujwol => In older version of Admin UI (r12.0Sp1 and earlier) , there used to be an option to configure external database for object store/task persistence db. However, in the newer version , that option is no longer there.

    Now, everything is stored in internal derby db :

     

    Dhilip - "Regarding initial question, PFB the requested screenshot."

     

    Ujwol => This is NOT coming from siteminder audit/report database.

    This information is coming from AdminUI internal task persistence database where it keep tracks of various action performed on UI.



  • 12.  Re: CA SSO: Query regarding audit

    Posted 10-11-2017 02:03 AM

    HI Ujwol,

     

    Thanks for the confirmation.

     

    Regards,

    Dhilip



  • 13.  Re: CA SSO: Query regarding audit

    Posted 10-11-2017 01:27 AM

    Table OBJECT12 grows with no limit in the Object Store 

    This is outdated KB. We no longer provide an option to configure external db for object store/task persistence db.

    Hence, I have retried this KB effective immediately.