Audit query in iManager does not decode values properly.

  • 3965000
  • 05-Nov-2007
  • 26-Apr-2012

Environment


Novell Audit 2.0.2
Novell iManager 2.6
Novell iManager 2.5

Situation

When querying the channel for Audit data the values in some fields may not be decoded properly. One example is the 'value1' field which can, at times, store an IP address. When using the collection owner or admin-equivalent user the decoding takes place properly. When using another user lacking rights this does not work properly.

Resolution

The Novell Audit plugins in iManager use the rights of the logged in user to perform their queries. As a result if the user itself does not have rights to do something in eDirectory iManager will also lack those rights. When creating custom Roles and Tasks in iManager to perform specific tasks always be sure to grant the appropriate rights to the Task that will be assigned to the end user.

In this case while the plugins were able to query the data in the database they did not have the necessary rights to read the instrumentation's configuration from the 'Logging Services' container in eDirectory. Granting the user or task Read rights to the Logging Services container as a whole resolved the issue. Rights should be assigned as granularly as possible so assigning rights ONLY to 'Applications.Logging Services' is a good idea as well if only those rights are needed. The rights needed will depend on what the Task should be able to do. To see what the tasks have by default see the Role Based Services (RBS) information in iManager for the existing tasks.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.