Environment
Novell Audit 2.0.2
Novell iManager 2.6
Novell iManager 2.5
Situation
When querying the channel for Audit data the values in some fields
may not be decoded properly. One example is the 'value1'
field which can, at times, store an IP address. When using
the collection owner or admin-equivalent user the decoding takes
place properly. When using another user lacking rights this
does not work properly.
Resolution
The Novell Audit plugins in iManager use the rights of the logged
in user to perform their queries. As a result if the user
itself does not have rights to do something in eDirectory iManager
will also lack those rights. When creating custom Roles and
Tasks in iManager to perform specific tasks always be sure to grant
the appropriate rights to the Task that will be assigned to the end
user.
In this case while the plugins were able to query the data in the database they did not have the necessary rights to read the instrumentation's configuration from the 'Logging Services' container in eDirectory. Granting the user or task Read rights to the Logging Services container as a whole resolved the issue. Rights should be assigned as granularly as possible so assigning rights ONLY to 'Applications.Logging Services' is a good idea as well if only those rights are needed. The rights needed will depend on what the Task should be able to do. To see what the tasks have by default see the Role Based Services (RBS) information in iManager for the existing tasks.
In this case while the plugins were able to query the data in the database they did not have the necessary rights to read the instrumentation's configuration from the 'Logging Services' container in eDirectory. Granting the user or task Read rights to the Logging Services container as a whole resolved the issue. Rights should be assigned as granularly as possible so assigning rights ONLY to 'Applications.Logging Services' is a good idea as well if only those rights are needed. The rights needed will depend on what the Task should be able to do. To see what the tasks have by default see the Role Based Services (RBS) information in iManager for the existing tasks.