Saviynt Forums

yogesh · ‎04/06/2023

I am trying to generate a report that contains all user adds and removals to a role but it seems to me that this table doesnt records all activity:

as can be seen in above screenshot, only removes are being recorded, adds are missing. Is this a bug?

[This post has been edited by a Moderator to move the post to its own thread.]

DaanishJawed · ‎04/10/2023

Hi @yogesh ,

Please get the information from roles_historychangelog table.

Columns that can be referred are as follows -

RoleKey, Operation, NewValue, OldValue, Fieldname

Thanks.

yogesh · ‎04/10/2023

roles_historychangelog seems to be missing the ADDs, and contains the same data shown in my screenshot.

Thus it doesn't contain "ALL" the added and removed users. Is this the expected behaviour? Or is it some bug?

In my screenshot removes are present not adds, how can we remove a role without adding it first? This screenshot thus gives an impression that the information it is showing is incomplete. (The screenshot shows all activity on the roles and there's no second page or anything like that)

DaanishJawed · ‎04/11/2023

Hi @yogesh ,

The history tab at the role page level will record all the changes made at the roles page only.

For ex:

Navigate to Admin > Identity Repository > Roles > Open the role > Click on Users Tab > Add a User. This change will be recorded.

Similar way remove the user and the same will be recorded.

No other history will be recorded.

To your question, In my screenshot removes are present not adds, how can we remove a role without adding it first?

So user can be added via Rules/Request and removed from the Roles page manually following the above steps. In this case, only the removes will be recorded since it is done from the Roles page. This is the expected behavior.

Addition/Removal of users to a ROLE via Rules/Request is not recorded.

Thanks.

yogesh · ‎04/12/2023

Thanks Danish,
You mention that "No other history will be recorded." but what I have found is that roles removed by user update rules, like on user termination as well as roles removed via certifications are also recorded in the screen that I have in my screenshot.

In my particular case, no adds and removes were made from the role management screens as you mention. So there should be no records there.

In conclusion, it now seems to me that only the activity done from ARS is not recorded here, rest everything is. Anyways it would've been much better and consistent if all adds and removes were recorded here. Why skip certain activity? It doesn't even mention anywhere in the UI that information you are seeing might be incomplete and missing.

I'm working on getting a report for SOX audit and it would have been great if all role activity was recorded in one consolidated place.

rushikeshvartak · ‎04/11/2023

Are you adding user from Roles - Users tab?

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

yogesh · ‎04/12/2023

The users in the screenshot were added to the role via ARS, I'm working to put together a sox report and it seems there's no one place where all role adds and removes are recorded, some are in one table some are in another.

Saviynt Forums

A report that contains all user adds and removals to a role