Audit reports
Audit reports provide a historical record of changes across your environment.
Database table audit
Purpose: Shows database table change history.
Executable: databasetableaudit
Table | Type the table name to list all of its audit data. Ensure that you specify a table. Each table has a different number of fields. This report will not work for all tables. |
Profile ID | Type the profile ID of the user to list the audit data relating to this user. Alternatively, you can search for one or more profile IDs. |
Module ID | Type the module ID to list the audit data relating to this module. |
Initiating node | Type the node ID to list the audit data relating to this node. |
Last modified time | Choose a date range for modifications. |
Column | Description |
|---|---|
Commit date | The date and time the database change was committed. |
Node | The node from which the change was initiated. |
Table name | The name of the database table that was modified. |
Sequence | The sequence number of the change. |
Operation | The type of operation performed (insert, update, or delete). |
Profile ID | The profile ID of the user who made the change. |
Module ID | The module that initiated the change. |
Field | The database field that was modified. |
Value | The new value of the modified field. |
System audit
Purpose: Shows system variables change history.
Executable: sysaudit
Criteria | Description |
|---|---|
User ID | Type the profile ID of the user to list system variables that had been modified by this user. Alternatively, you can search for one or more profile IDs. |
Node ID | Type the node ID to list system variables that had been modified from this node. |
Module ID | Type the module ID to list system variables that had been modified by this module. |
System variable group | Select the system variable groups that you want to add to the report output. |
System variable | Select one or more system variables to list their modifications. |
Order by | Select the sorting order of the report output. |
Last modified time | Choose a date range for modifications. |
Show only changes | If checked, the report output lists only system variables that have been modified. |
The report displays the following columns. The column order varies depending on the selected sort order (by date, by user, or by variable).
Column | Description |
|---|---|
Last modified date | The date the system variable was last modified. |
Variable group | The group to which the system variable belongs. |
Variable | The name of the system variable. |
Value | The current or changed value of the system variable. |
Modified by | The profile ID of the user who modified the variable. |
Module ID | The module that initiated the modification. |
Node ID | The node from which the modification was made. |
Status | The status of the modification. |
Operation | The type of operation performed on the system variable. |
Account group audit
Purpose: Audit trail of manage/unmanage operations on account groups. Lists current and historical values.
Executable: groupaudit
Criteria | Description |
|---|---|
Target system ID | Type the ID of the target system to include in the report. Alternatively, you can search for one or more target systems. |
Group ID | Type the ID of the group to include in the report. Alternatively, you can search for one or more groups. |
Operations | Choose the operation type for groups:
|
User ID | Type the ID of the user who performed the operation to include in the report. Alternatively, you can search for one or more users. |
Last modified time | Choose a date range for modifications. |
Column | Description |
|---|---|
Last modified date | The date the manage or unmanage operation was performed. |
Group ID | The identifier of the managed group. |
Group description | The display name of the managed group. |
Target system ID | The short ID of the target system. |
Target system description | The display name of the target system. |
User ID | The profile ID of the user who performed the operation. |
User name | The full name of the user who performed the operation. |
Operation | The type of operation (manage or unmanage). |
User and account history
Purpose: Audit trail of changes to target systems that are being tracked. This includes:
Target system account changes
Managed group membership
Role membership
Profile attributes
Account attributes
Profile attribute changes are not propagated back to target systems by default.
Note
The Track changes option must be enabled for target systems, managed groups, profile attributes, or account attributes in order for data on these entitlements to be collected.
Executable: trackedchanges
Criteria | Description |
|---|---|
Account | Type the long ID, not the short ID, of the account for which you want to list changes. |
User ID | Type the profile ID of the user for whom you want to list changes. Alternatively, you can search for one or more profile IDs. |
Target system ID | Type a comma-and-space-delimited list of target system IDs for which you want to list changes. All target systems are included by default. If this field has a value, the report only lists group membership changes relating to the specified targets. Alternatively, you can search for one or more target systems. |
Managed groups | Type the long ID of one or more managed groups for which you want to list changes. If this field has a value, the report only lists group membership changes relating to the specified groups. Alternatively, you can search for one or more managed groups. |
Roles | Type the role ID of one or more roles for which you want to list changes. If this field has a value, the report only lists role changes relating to the specified role. Alternatively, you can search for one or more roles. |
User attribute | Type the ID of one or more profile attributes for which you want to list changes. Multiple attributes must be a comma separated list. Alternatively, you can search for one or more profile attributes to select. By default, the report will list all profile attributes changes. |
Account attribute | Type the ID of one or more account attributes for which you want to list changes. Multiple attributes must be a comma separated list. Alternatively, you can search for one or more account attributes that have been previously overridden. By default, the report will list all account attribute changes. |
Choose date range | Choose a date range. |
Display tracked changes for | Select from the following:
|
If you do not specify any search criteria, the report output includes all tracked changes.
The columns displayed vary depending on the type of tracked change being reported.
Column | Condition | Description |
|---|---|---|
Last modified date | Always | The date of the change. |
User ID | Always | The profile ID of the user. |
User name | Always | The full name of the user. |
Operation code | Always | The operation code. |
Change description | Always | A description of the tracked change. |
Account ID | Change involves accounts | The account identifier. |
Target system ID | Change involves target systems | The target system short ID. |
Target system description | Change involves target systems | The target system display name. |
Group ID | Change involves groups | The managed group identifier. |
Group description | Change involves groups | The managed group description. |
Role ID | Change involves roles | The role identifier. |
Role description | Change involves roles | The role description. |
Attribute | Change involves attributes | The attribute name. |
Attribute value | Change involves attributes | The attribute value. |
Request | Always | The associated request. |
Account changes history
Purpose: Lists accounts that have been added or deleted, and account attributes that have been changed on a target system.
Executable: accountchanges
Criteria | Description |
|---|---|
Operation | Choose one of the following:
|
Target system ID | Select a target system ID to display account changes on the target system. |
Related target system ID | For the Add operation only. Select a related system ID to view how the account's attributes on the target system map to those on the related system. |
Account | Type the long ID, not the short ID, of the account for which you want to list changes. |
Account attribute used on target system to map to related target system | For the Add operation only. The attribute for mapping in the target system. |
Account attribute used on related target system to map to target system | For the Add operation only. The attribute for mapping in the related target system. |
Show only if account is associated with a profile | If checked, only the accounts that are associated with a profile will be displayed. |
Show profile ID | If checked, the profile ID will be displayed. |
Choose date range | Choose a date range. |
If you do not specify any search criteria, the report output includes all tracked changes.
The report output varies depending on the selected operation mode.
Added accounts
When the operation is set to Add, the report displays the following columns:
Column | Description |
|---|---|
Last modified date | The date the account was added. |
| For each selected target system, the report displays an Account ID column, a User ID column, and additional columns for each selected attribute. |
Deleted accounts
When the operation is set to Delete, the report displays the following columns:
Column | Description |
|---|---|
Last modified date | The date the account was deleted. |
Account ID | The short ID of the deleted account. |
User ID | The profile ID of the associated user. This column is conditional on the account being associated with a profile. |
| Additional columns for each selected attribute. |
Changed accounts
When the operation is set to Change, the report displays the following columns:
Column | Description |
|---|---|
Last modified date | The date the account attribute was changed. |
Account ID | The short ID of the account. |
User ID | The profile ID of the associated user. This column is conditional on the account being associated with a profile. |
Attribute | The name of the changed attribute. |
Value | The new value of the changed attribute. |
Out-of-band group changes
Purpose: Provides details about changes affecting managed groups.
Executable: oobchanges
Criteria | Description |
|---|---|
Out-of-band action | Select an action:
Leaving it blank is the same as selecting all types. |
Display operations | Select an operation:
Leaving it blank is the same as selecting all operations. |
Resource attribute to display | Select resource attributes to be displayed in report. |
Time range | Select time range. |
Resource attribute | Filter results using a resource attribute and criteria. The type of criteria is dependent on the attribute selected. Up to four resource attribute filters can be defined. |
Authorizer ID | Type a comma-and-space-delimited list of authorizer IDs. Alternatively, you can search for one or more authorizers. |
Requester ID | Type a comma-and-space-delimited list of requester IDs. Alternatively, you can search for one or more requesters. |
Managed groups | Type a comma-and-space-delimited list of managed groups. Alternatively, you can search for one or more groups. |
Group owner | Type a comma-and-space-delimited list of group owners. Alternatively, you can search for one or more group owners. |
Column | Description |
|---|---|
Action | The out-of-band action type (addition or deletion). |
Message | A description of the out-of-band change. |
Pre-defined request | The pre-defined request associated with the change, if applicable. |
Group ID | The identifier of the affected managed group. |
Group description | The display name of the affected managed group. |
Target system ID | The short ID of the target system. |
Target system description | The display name of the target system. |
Child user ID | The profile ID of the user member. Displayed for user member changes. |
Child account | The account of the user member. Displayed for user member changes. |
Child group ID | The identifier of the child group. Displayed for group member changes. |
Child group description | The display name of the child group. Displayed for group member changes. |
Child target ID | The target system ID of the child group. Displayed for group member changes. |
Child target description | The target system description of the child group. Displayed for group member changes. |
Requester | The profile ID of the user who requested the change. |
Authorizer ID | The profile ID of the authorizer who approved the change. |
Date | The date the change was detected or processed. |
Operation status | The status of the operation. |
Entitlement and attribute history
Purpose: To audit the status of tracked account attributes and entitlements as they existed at a specified reference time. These include:
Target system account changes
Managed group membership
Role membership
Account attribute changes
Note
Track changes must be enabled for target systems, managed groups, and account attributes in order for data on these entitlements to be collected.
This report returns results as a snapshot of their status at the configured time. Only the changes most recent to that point in time will be returned.
Executable entitlementandattributehistory
Criteria | Description |
|---|---|
Account | Type the long ID, not the short ID, of the account for which you want to list changes. |
User ID | Type the profile ID of the user for whom you want to list changes. Alternatively, you can search for one or more profile IDs. |
Target system ID | Type a comma-and-space-delimited list of target system IDs for which you want to list changes. All target systems are included by default. If this field has a value, the report only lists group membership changes relating to the specified targets. Alternatively, you can search for one or more target systems. |
Managed groups | Type the long ID of one or more managed groups for which you want to list changes. If this field has a value, the report only lists group membership changes relating to the specified groups. Alternatively, you can search for one or more managed groups. |
Roles | Type the role ID to search against. |
Display tracked changes for | Select from the following options to return only those results:
|
Reference date | Provide a specific date and time value to return a snapshot of entitlements and attributes as they existed at that point in time. The default setting uses the current date and time, in order to return results as they exist currently. |
If you do not specify any search criteria, the report output includes all of the most recent tracked changes.
The columns displayed vary depending on the type of change being reported.
Column | Condition | Description |
|---|---|---|
User ID | Always | The profile ID of the user. |
Member type | Always | The type of change (group, role, account, or attribute). |
Group ID | Change type is group | The managed group identifier. |
Role ID | Change type is role | The role identifier. |
Account ID | Change type is account | The account identifier. |
Target system ID | Change type is account | The target system short ID. |
Attribute | Change type is attribute | The attribute name. |
Attribute value | Change type is attribute | The attribute value. |
Added on | Always | The date the entitlement or attribute was added. |
Added by | Always | The user or process that made the change. |
Account audit
Purpose: Audit trail of accounts created and disabled through Bravura Security Fabric
Executable: accountaudit
Criteria | Description |
|---|---|
Account | Type the long ID, not the short ID, of the account for which you want to list changes. |
Target system ID | Type the ID of the target system to include in the report. Alternatively, you can search for one or more target systems. |
User ID | Type the ID of the user who performed the operation to include in the report. Alternatively, you can search for one or more users. |
Operation | Choose the operation type for accounts:
|
Column | Description |
|---|---|
Account ID | The short ID of the account. |
Account long ID | The long ID of the account. |
User name | The full name of the user associated with the account. |
Target system ID | The short ID of the target system. |
Target system description | The display name of the target system. |
Operation | The type of operation performed on the account (provisioned or disabled, through or outside of Bravura Security Fabric). |
Managed by Bravura Security Fabric | Indicates whether the operation was performed through Bravura Security Fabric or outside of it. |
SOX users
Purpose: Allows investigation of all suspicious user activity that falls under SOX definition.
Executable: soxusers
Criteria | Description |
|---|---|
Report type | Select the report type:
|
User ID | Type the user ID of the user or users for whom you want to include in the report. Alternatively, you can search for one or more user IDs. All users are included by default. |
Threshold value | Type a number to define the threshold. The default value is 1. |
Time range | Choose a time range . |
Self requests only | Select this option to show operations that users do for themselves. |
Successful requests only | Select this option to show operations that have become effective. |
Summarize report | Select this option to summarize the report. This option groups items in order to reduce the number of rows and shows only counts by users. |
The report output varies depending on the selected report type and whether the summarize option is enabled.
Summary: User states
When User states is selected with Summarize report enabled:
Column | Description |
|---|---|
Count | The number of occurrences. |
User ID | The profile ID of the user. |
User name | The full name of the user. |
Operation ID | The operation identifier. |
Operation description | A description of the operation. |
Summary: User passwords
When User passwords is selected with Summarize report enabled:
Column | Description |
|---|---|
Count | The number of occurrences. |
User ID | The profile ID of the user. |
User name | The full name of the user. |
Summary: User attributes
When User attributes is selected with Summarize report enabled:
Column | Description |
|---|---|
Count | The number of occurrences. |
User ID | The profile ID of the user. |
User name | The full name of the user. |
Detailed: User states
When User states is selected without summarization:
Column | Description |
|---|---|
User ID | The profile ID of the user. |
User name | The full name of the user. |
Execution date | The date the operation was executed. |
Operation ID | The operation identifier. |
Operation description | A description of the operation. |
Requester ID | The profile ID of the requester. |
Requester name | The full name of the requester. |
Request date | The date the request was submitted. |
Request reason | The reason provided for the request. |
Pre-defined request | The pre-defined request used, if applicable. |
Authorizer notes | Notes provided by the authorizer. |
Authorizer ID | The profile ID of the authorizer. |
Authorizer name | The full name of the authorizer. |
Request ID | The unique identifier of the request. |
Request status | The current status of the request. |
Completed | The date the request was completed. |
Detailed: User passwords
When User passwords is selected without summarization:
Column | Description |
|---|---|
User ID | The profile ID of the user. |
User name | The full name of the user. |
Account long ID | The long ID of the account. |
Requester ID | The profile ID of the requester. |
Execution date | The date the operation was executed. |
Request type | The type of password request. |
Completed | The date the request was completed. |
Detailed: User attributes
When User attributes is selected without summarization:
Column | Description |
|---|---|
User ID | The profile ID of the user. |
User name | The full name of the user. |
Execution date | The date the operation was executed. |
Requester ID | The profile ID of the requester. |
Requester name | The full name of the requester. |
Request date | The date the request was submitted. |
Request reason | The reason provided for the request. |
Authorizer ID | The profile ID of the authorizer. |
Authorizer name | The full name of the authorizer. |
Authorizer notes | Notes provided by the authorizer. |
Attribute ID | The identifier of the changed attribute. |
Attribute value | The new value of the attribute. |
Request ID | The unique identifier of the request. |
Request status | The current status of the request. |
Completed | The date the request was completed. |
SOX groups
Purpose: This new report allows investigation of all suspicious group activity that falls under SOX definition.
Executable: soxgroups
Criteria | Description |
|---|---|
Report type | Select the report type:
|
User ID | Type the user ID of the user or users for whom you want to include in the report. Alternatively, you can search for one or more user IDs. All users are included by default. |
Group ID | Type the ID of the group to include in the report. Alternatively, you can search for one or more groups. |
Target system ID | Type a comma-and-space-delimited list of target system IDs for which you want to list changes. All target systems are included by default. If this field has a value, the report only lists group membership changes relating to the specified targets. Alternatively, you can search for one or more target systems. |
Threshold value | Type a number to define the threshold. The default value is 1. |
Time range | Choose a time range. |
Self requests only | Select this option to show operations that users do for themselves. |
Successful requests only | Select this option to show operations that have become effective. |
Summarize report | Select this option to summarize the report. This option groups items in order to reduce the number of rows and shows only counts by users. |
The report output varies depending on the selected report type and whether the summarize option is enabled.
Summary: Group states
When Group states is selected with Summarize report enabled:
Column | Description |
|---|---|
Count | The number of occurrences. |
User ID | The profile ID of the user. |
User name | The full name of the user. |
Operation ID | The operation identifier. |
Operation description | A description of the operation. |
Summary: Group management
When Group management is selected with Summarize report enabled:
Column | Description |
|---|---|
Count | The number of occurrences. |
Owner user | The profile ID of the group owner. |
Owner account | The account of the group owner. |
Owner group | The group that owns the managed group. |
Operation ID | The operation identifier. |
Operation description | A description of the operation. |
Summary: Group memberships
When Group membership is selected with Summarize report enabled:
Column | Description |
|---|---|
Count | The number of occurrences. |
Member user | The profile ID of the group member. |
Member account | The account of the group member. |
Member group | The child group that is a member. |
Operation ID | The operation identifier. |
Operation description | A description of the operation. |
Detailed: Group states
When Group states is selected without summarization:
Column | Description |
|---|---|
Requester ID | The profile ID of the requester. |
Requester name | The full name of the requester. |
Group ID | The identifier of the managed group. |
Group description | The display name of the managed group. |
Operation date | The date the operation was performed. |
Operation ID | The operation identifier. |
Operation description | A description of the operation. |
Request date | The date the request was submitted. |
Request reason | The reason provided for the request. |
Pre-defined request | The pre-defined request used, if applicable. |
Authorizers | The authorizers who approved the request. |
Request ID | The unique identifier of the request. |
Request status | The current status of the request. |
Completed | The date the request was completed. |
Detailed: Group management
When Group management is selected without summarization:
Column | Description |
|---|---|
Owner user | The profile ID of the group owner. |
Owner account | The account of the group owner. |
Owner group | The group that owns the managed group. |
Operation date | The date the operation was performed. |
Operation ID | The operation identifier. |
Operation description | A description of the operation. |
Group ID | The identifier of the managed group. |
Group description | The display name of the managed group. |
Requester ID | The profile ID of the requester. |
Requester name | The full name of the requester. |
Request date | The date the request was submitted. |
Request reason | The reason provided for the request. |
Pre-defined request | The pre-defined request used, if applicable. |
Authorizers | The authorizers who approved the request. |
Request ID | The unique identifier of the request. |
Request status | The current status of the request. |
Completed | The date the request was completed. |
Detailed: Group memberships
When Group membership is selected without summarization:
Column | Description |
|---|---|
Member user | The profile ID of the group member. |
Member account | The account of the group member. |
Member group | The child group that is a member. |
Operation date | The date the operation was performed. |
Operation ID | The operation identifier. |
Operation description | A description of the operation. |
Group ID | The identifier of the managed group. |
Group description | The display name of the managed group. |
Requester ID | The profile ID of the requester. |
Requester name | The full name of the requester. |
Request date | The date the request was submitted. |
Request reason | The reason provided for the request. |
Pre-defined request | The pre-defined request used, if applicable. |
Authorizers | The authorizers who approved the request. |
Request ID | The unique identifier of the request. |
Request status | The current status of the request. |
Completed | The date the request was completed. |
Account existence
Purpose: Show a list of all of the accounts that existed on a target system on a given date. The output columns contain:
Target system
Target system group
Account
Profile name / profile full name
Date created
Date invalidated if applicable
Executable: accountexists
Criteria | Description |
|---|---|
User ID | Type the profile ID of the user for whom you want to check the existence of accounts. Alternatively, you can search for one or more profile IDs. |
User name | Type the full name of the user for whom you want to check the existence of accounts. |
Account | Type a comma-and-space-delimited list of long IDs (not short IDs) that match the accounts you want to include in the report. Alternatively, you can search for one or more accounts. |
Target system ID | Type a comma-and-space-delimited list of target system IDs to only include accounts from those systems. Alternatively, you can search for one or more target systems. |
Target system group | Select the target system group on which to check for the existence of accounts. |
Reference date | Select the date used to check for the existence of the accounts |
Column | Description |
|---|---|
Account ID | The short ID of the account. |
Date created | The date the account was created. |
Deletion date | The date the account was deleted, if applicable. |
Account long ID | The long ID of the account. |
User | The profile ID of the user associated with the account. |
Target system ID | The short ID of the target system. |
Target system description | The display name of the target system. |
Target system group | The target system group. This column is displayed only when Bravura Pass is licensed. |