QPR Knowledge Base

User Audit Log for QPR User Management Server

Hide Navigation Pane

User Audit Log for QPR User Management Server

Previous topic Next topic No expanding text in this topic  

User Audit Log for QPR User Management Server

Previous topic Next topic JavaScript is required for expanding text Mail us feedback on this topic!  

Comments (...)

Selected operations performed in QPR User Management Server can be recorded into a log file called "UMSUserAudit.txt". If logging is enabled, the log file is generated to the <All Users profile>\Application Data\QPR Software\QPR 8\8.1\Logs\ (C:\ProgramData\QPR Software\QPR 8\8.1\Logs in Windows Vista and later versions) folder (defined with qpr.ini key 'Folder' in [QPR Log] section). To enable logging, you have to modify the qpr.ini file by changing the value of UserRightAuditTrailTrace to either 1 (to enable basic logging) or 2 (to enable full logging) in [UMS Log]. By default, the logging is off.

 

The changes audited include the following QPR User Management Server operations:

Changing the product permissions method
Changing product permissions (user or group specific)
Adding or deleting users and groups (includes manual user import with QPR User Management System Client and synchronization with AD or LDAP)

 

The Structure of the Log File

 

The fields of the log file are separated with tabulators. Each row contains a separate transaction made for a particular user or a group.

 

The log file includes the following data:

 

Field

Format or value

Description

TIME

<hh>:<mm>:<ss>

Time stamp when the transaction is made

DATE

<mm>/<dd>/<yy>

Time stamp when the transaction is made

USER LOGIN

<user's login name>

Login name for the user performing the transaction

USER NAME

<user's real name>

Full name of the user performing the transaction

OPERATION

Grant/Revoke for permissions
Add/Delete for objects

Single operation performed

TARGET USER

<targeted user's name>

User object against whom the operation is performed

TARGET GROUP

<targeted group's name>

Group object against whom the operation is performed

PRODUCT

PGDC: QPR ProcessGuide Development Client
PGP: QPR ProcessGuide Web Client
SCDC: QPR ScoreCard Development Client
SCP: QPR ScoreCard Web Client
PORTAL: QPR Portal
UMS: QPR User Management System

Product object against which the operation is performed

PERMISSION

Basic/Administrate for PGDC, PGP, SCDC and SCP
View/Update/Administrate for PORTAL and UMS

Changed product permission

PRODUCT PERMISSION METHOD

Inherit From Group
Use System Administrator
Use User Specific

Changed product permission method

 

 

If the full logging option is selected and the operation is made for a group to modify group specific permissions, separate log entries for each user (member of the group) are written to the log file. If the user group management method is synchronized with NT or LDAP, the 'LOGIN' is 'system' and the "Grant User Permissions" lines are written only if full logging is selected, since the user uses the group's rights.

 

Note that the user's group synchronization is done only when the user logs in to the system and the audit log reflects the current situation in the User Management System database, not necessarily the situation in NT or LDAP. Thus, the audit log may contain information that is not up-to-date but the information is automatically updated the next time the user logs in since the user is at that point removed from the old group(s) and added to the new one(s) and the audit log entries are written for this change.

 

Example Log File Contents

 

 

TIME

DATE

USER LOGIN

USER NAME

OPERATION

TARGET USER

TARGET GROUP

PRODUCT

PERMISSION

PRODUCT PERMISSION METHOD

16:00:42

11/19/07

 

qpr

Demo User

Add User

 

new user

-

-

-

 

-

 

16:00:42

11/19/07

qpr

Demo User

Grant Product Method

new user

-

-

-

Use User Specific

16:00:42

11/19/07

qpr

Demo User

Grant User Permissions

new user

-

PORTAL

Administrate

-

16:00:42

11/19/07

qpr

Demo User

Grant User Permissions

new user

-

PGP

Basic

-

 

Comments (...)