AuditProfileAttribute Element

Configuration Guide › Auditing › How to Configure Auditing › Audit Settings File › AuditProfileAttribute Element

AuditProfileAttribute Element

AuditProfileAttribute elements indicate the attributes that Identity Manager audits. The attributes apply to the object specified in the AuditProfile element.

Note: If there are no audit profile attributes specified, all the attributes for the object specified in the AuditProfile element are logged.

The AuditProfileAttribute element includes the following parameters:

name

Defines the name of the attribute to audit.

Specify a profile attribute for the object in the corresponding AuditProfile element. For example, if the AuditProfile element specifies the Organization object, specify the name of an organization attribute as the value for the name parameter.

Note: You must define the profile attribute in the directory configuration file for the Identity Manager directory.

auditlevel

Indicates the type of information recorded for an attribute.

AuditLevel Values lists the valid values for the AuditLevel element.

The following table shows the valid attributes for Identity Manager object types:

Valid Attributes for Identity Manager Object Types

Object Type	Valid Attributes
ACCESS ROLE	name—User-visible name for the role description—An optional comment about the purpose of the role members—The users who can use the role administrators—The users who can assign role member or administrators owners—The users who can modify the role enabled—Indicates whether or not the role is enabled assignable—Indicates whether the role can be assigned by an administrator tasks—The access tasks associated with the role
ACCESS TASK	name—User-visible name for the task description—An optional comment about the purpose of the task application—The application that is associated with the task tag—The unique identifier for the task reserved1, reserved2, reserved3, reserved4—The values of the reserved fields for the task
ADMINISTRATIVE ROLE	name—User-visible name for the role description—An optional comment about the purpose of the role members—The users who can use the role administrators—The users who can assign role member or administrators owners—The users who can modify the role enabled—Indicates whether or not the role is enabled assignable—Indicates whether the role can be assigned by an administrator tasks—The tasks associated with the role
ADMINISTRATIVE TASK	name—User-visible name for the task description—An optional comment about the purpose of the task tag—The unique identifier for the task category—The category in the Identity Manager user interface where the task appears primary_object—The object on which the task operates action—The operation performed on the object hidden—Indicates whether the task does not appear in menus public—Indicates whether the task is available to users who have not logged in to Identity Manager auditing—Indicates whether the task enables the recording of auditing information external—Indicates whether the task is an external task url—The URL where Identity Manager redirects the user when an external task executes workflow—Indicates whether the Identity Manager events associated with the task trigger workflow webservice—Indicates whether the task is one for which Web Services Description Language (WSDL) output can be generated from the Identity Manager Management Console
GROUP	Any valid attribute that is defined for the GROUP object in the directory configuration file (directory.xml)
ORGANIZATION	Any valid attribute that is defined for the Organization object in the directory configuration file (directory.xml)
PARENTORG
RELATIONSHIP	%CONTAINER%—Unique identifier of the parent object. For example, if the RELATIONSHIP object describes role membership, the container would be the role. %CONTAINER_NAME%—User-visible name of the parent group %ITEM%—Unique identifier of the object that is contained in the parent object. For example, if the RELATIONSHIP object describes role membership, the items would be the role members. %ITEM_NAME%—User-visible name for the nested group
USER	Any valid attribute that is defined for the USER object in the directory configuration file (directory.xml)
NONE	No attributes

Note: The following applies to the preceding table:

Enabled, assignable, auditable, workflow, hidden, webservice, and public are logged as true or false.
When auditing tasks for roles, the user visible name is logged.
The database stores member, administrator, and owner policies in compiled XML format. This format is different from the user interface where each policy appears as an expression

Email CA Technologies about this topic