

AuditProfileAttribute Element

AuditProfileAttribute elements indicate the attributes that CA IdentityMinder audits. The attributes apply to the object specified in the AuditProfile element.

Note: If there are no audit profile attributes specified, all the attributes for the object specified in the AuditProfile element are logged.

The AuditProfileAttribute element includes the following parameters:

name

Defines the name of the attribute to audit.

Specify a profile attribute for the object in the corresponding AuditProfile element. For example, if the AuditProfile element specifies the Organization object, specify the name of an organization attribute as the value for the name parameter.

Note: Make sure that you define the profile attribute in the directory configuration file for the CA IdentityMinder directory.

auditlevel

Indicates the type of information that is recorded for an attribute.

AuditLevel Values lists the valid values for the AuditLevel element.

The following table shows the valid attributes for CA IdentityMinder object types:

Valid Attributes for CA IdentityMinder Object Types

Object Type

Valid Attributes

ACCESS ROLE

  • name—User-visible name for the role
  • description—An optional comment about the purpose of the role.
  • members—The users who can use the role.
  • administrators—The users who can assign role members or administrators.
  • owners—The users who can modify the role.
  • enabled—Indicates whether the role is enabled or not.
  • assignable—Indicates whether the role is assignable by an administrator or not.
  • tasks—The access tasks that are associated with the role.

ACCESS TASK

  • name—User-visible name for the task
  • description—An optional comment about the purpose of the task
  • application—The application that is associated with the task.
  • tag—The unique identifier for the task
  • reserved1, reserved2, reserved3, reserved4—The values of the reserved fields for the task

ADMINISTRATIVE ROLE

  • name—User-visible name for the role
  • description—An optional comment about the purpose of the role
  • members—The users who can use the role.
  • administrators—The users who can assign role members or administrators.
  • owners—The users who can modify the role.
  • enabled—Indicates whether the role is enabled or not.
  • assignable—Indicates whether the role is assignable by an administrator or not.
  • tasks—The tasks that are associated with the role.

ADMINISTRATIVE TASK

  • name—User-visible name for the task
  • description—An optional comment about the purpose of the task
  • tag—The unique identifier for the task
  • category—The category in the CA IdentityMinder user interface where the task appears
  • primary_object—The object on which the task operates
  • action—The operation that is performed on the object.
  • hidden—Indicates whether the task does not appear in menus.
  • public—Indicates whether the task is available to users who have not logged in to CA IdentityMinder.
  • auditing—Indicates whether the task enables the recording of auditing information.
  • external—Indicates whether the task is an external task.
  • url—The URL where CA IdentityMinder redirects the user when an external task executes.
  • workflow—Indicates whether the CA IdentityMinder events associated with the task trigger workflow
  • webservice—Indicates whether the task is one for which Web Services Description Language (WSDL) output can be generated from the CA IdentityMinder Management Console.

GROUP

Any valid attribute that is defined for the GROUP object in the directory configuration file (directory.xml).

ORGANIZATION

Any valid attribute that is defined for the Organization object in the directory configuration file (directory.xml).

PARENTORG

RELATIONSHIP

  • %CONTAINER%—Unique identifier of the parent object.
    For example, if the RELATIONSHIP object describes role membership, the container would be the role.
  • %CONTAINER_NAME%—User-visible name of the parent group
  • %ITEM%—Unique identifier of the object that is contained in the parent object.
    For example, if the RELATIONSHIP object describes role membership, the items would be the role members.
  • %ITEM_NAME%—User-visible name for the nested group

USER

Any valid attribute that is defined for the USER object in the directory configuration file (directory.xml)

NONE

No attributes
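
The following check is an added example, not code from CA IdentityMinder: it lints audit-settings XML against the table above, flagging attribute names that are not valid for the object type and profiles that log every attribute because no AuditProfileAttribute is listed. The `objecttype` parameter on AuditProfile, the `<Audit>` wrapper element, and the sample document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Fixed attribute sets copied from the table on this page.
ROLE = {"name", "description", "members", "administrators", "owners",
        "enabled", "assignable", "tasks"}
FIXED = {
    "ACCESS ROLE": ROLE, "ADMINISTRATIVE ROLE": ROLE,
    "ACCESS TASK": {"name", "description", "application", "tag",
                    "reserved1", "reserved2", "reserved3", "reserved4"},
    "ADMINISTRATIVE TASK": {"name", "description", "tag", "category",
                            "primary_object", "action", "hidden", "public",
                            "auditing", "external", "url", "workflow",
                            "webservice"},
    "RELATIONSHIP": {"%CONTAINER%", "%CONTAINER_NAME%", "%ITEM%", "%ITEM_NAME%"},
    "NONE": set(),
}
# GROUP, ORGANIZATION and USER take their attributes from directory.xml;
# the page lists none for PARENTORG. Neither can be checked from the table.
UNCHECKED = {"GROUP", "ORGANIZATION", "USER", "PARENTORG"}

def lint_audit_profiles(xml_text):
    """Return (object_type, severity, message) findings for each AuditProfile."""
    findings = []
    for profile in ET.fromstring(xml_text).iter("AuditProfile"):
        obj = (profile.get("objecttype") or "").strip().upper()  # assumed parameter name
        names = [a.get("name") for a in profile.findall("AuditProfileAttribute")]
        if not names and obj != "NONE":
            findings.append((obj, "info", "no AuditProfileAttribute: all attributes are logged"))
        if obj in UNCHECKED:
            if names:
                findings.append((obj, "info", "verify names against directory.xml"))
        elif obj not in FIXED:
            findings.append((obj, "error", "object type is not in the table"))
        else:
            for n in names:
                if n not in FIXED[obj]:
                    findings.append((obj, "error", f"{n!r} is not a valid attribute here"))
    return findings

# Constructed sample: "member" is a typo for "members"; USER lists no attributes.
SAMPLE = """<Audit>
  <AuditProfile objecttype="ADMINISTRATIVE ROLE">
    <AuditProfileAttribute name="members"/><AuditProfileAttribute name="member"/>
  </AuditProfile>
  <AuditProfile objecttype="USER"/>
  <AuditProfile objecttype="RELATIONSHIP"><AuditProfileAttribute name="%ITEM%"/></AuditProfile>
</Audit>"""

if __name__ == "__main__":
    print(*lint_audit_profiles(SAMPLE), sep="\n")
```
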

Note: The following points apply to the preceding table: