|
||
Selected operations performed in QPR Foundation Server can be recorded into a log file called "FoundationServerUserAudit.txt". If logging is enabled, the log file is generated to the "Audit" folder under the log folder that can be defined in the Server log settings of the Common section in the QPR Configuration Manager utility. To enable logging, launch QPR Configuration Manager, select Server log settings from the Common section, and select Basic logging enabled or Full logging enabled from the User audit log settings for QPR Foundation Server. By default, the logging is off.
The changes audited include the following QPR Foundation Server operations:
•Changing the product permissions method
•Changing product permissions (user or group specific)
•Adding or deleting users and groups (includes manual user import with QPR User Management System Client and synchronization with AD or LDAP)
•Changing user or group licenses
The Structure of the Log File
The fields of the log file are separated with tabulators. Each row contains a separate transaction made for a particular user or a group.
The log file includes the following data:
Field |
Format or value |
Description |
---|---|---|
TIME |
<hh>:<mm>:<ss> |
Time stamp when the transaction is made |
DATE |
<mm>/<dd>/<yy> |
Time stamp when the transaction is made |
USER LOGIN |
<user's login name> |
Login name for the user performing the transaction |
USER NAME |
<user's real name> |
Full name of the user performing the transaction |
OPERATION |
•Grant/Revoke for permissions •Add/Delete for objects |
Single operation performed |
TARGET USER |
<targeted user's name> |
User object against whom the operation is performed |
TARGET GROUP |
<targeted group's name> |
Group object against whom the operation is performed |
PRODUCT |
Licenses: •MEU: QPR Metrics User •MEV: QPR Metrics Viewer •EAU: QPR EnterpriseArchitect User •PDU: QPR ProcessDesigner User •MOV: QPR Modeling Viewer
Product rights: •ME: QPR Metrics •MO: QPR Modeling •PORTAL: QPR Portal •UMS: QPR User Management |
Product object or license against which the operation is performed |
PERMISSION |
•Basic/Administrate for MO and ME •View/Update/Administrate for PORTAL and UMS |
Changed product permission |
PRODUCT PERMISSION METHOD |
•Inherit From Group •Use System Administrator •Use User Specific |
Changed product permission method |
If the full logging option is selected and the operation is made for a group to modify group specific permissions, separate log entries for each user (member of the group) are written to the log file. If the user group management method is synchronized with NT or LDAP, the 'LOGIN' is 'system' and the "Grant User Permissions" lines are written only if full logging is selected, since the user uses the group's rights.
Note that the user's group synchronization is done only when the user logs in to the system and the audit log reflects the current situation in the User Management System database, not necessarily the situation in NT or LDAP. Thus, the audit log may contain information that is not up-to-date but the information is automatically updated the next time the user logs in since the user is at that point removed from the old group(s) and added to the new one(s) and the audit log entries are written for this change.
Example Log File Contents
TIME |
DATE |
USER LOGIN |
USER NAME |
OPERATION |
TARGET USER |
TARGET GROUP |
PRODUCT |
PERMISSION |
PRODUCT PERMISSION METHOD |
---|---|---|---|---|---|---|---|---|---|
16:00:42 |
11/19/07
|
qpr |
Demo User |
Add User
|
new user |
- |
- |
-
|
-
|
16:00:42 |
11/19/07 |
qpr |
Demo User |
Grant Product Method |
new user |
- |
- |
- |
Use User Specific |
16:00:42 |
11/19/07 |
qpr |
Demo User |
Grant User Permissions |
new user |
- |
PORTAL |
Administrate |
- |
16:00:42 |
11/19/07 |
qpr |
Demo User |
Grant User Permissions |
new user |
- |
MO |
Basic |
- |