enroleAuditing.properties
The property key and value pairs in the enroleAuditing.properties file are used to enable or disable the tracking of changes made by a Security Identity Manager user to business objects such as person, location, service, and other objects, or configuration of the system.
Any user request to change the IBM Security Identity Manager directory store or database can be audited and published in a report. The following is a comprehensive list of events audited:
- ACI Management (Add, Add Authorization Owner, Delete, Delete Authorization Owner, Modify)
- Account Management (Add, Adopt, Change Password, Delete, Modify, Orphan, Password Pickup, Restore, Suspend, Synchronize Password)
- Access Management (Add, Remove)
- Access Configuration (Add, Remove, Modify)
- Authentication (Authenticate ITIM user)
- Container Management (Add, Delete, Modify)
- Delegate Authority (Add, Delete, Modify)
- Entitlement Workflow Management (Add, Delete, Modify)
- Entity Operation Management (Add, Delete, Modify)
- IBM Security Identity Manager Configuration (Add, Delete, Enforce, Install Profile, Modify, Uninstall Profile)
- Group Management (Add, Add Member, Delete, Modify, Remove Member)
- Migration (Agent Profile Install, Start Export, Start Import, Stop Export, Stop Import)
- Role Management (Add, Add Member, Delete, Modify, Remove Member)
- Person Management (Add, Delete, Modify, Restore, Self Register, Suspend, Transfer)
- Policy Management (Add, Commit Draft, Delete, Enforce Entire Policy, Modify, Save as Draft, Add Account Template, Change Account Template, Remove Account Template)
- Reconciliation (Run Recon, Set Recon Unit, Set Service Recon Parameters)
- Runtime Events (Start IBM Security Identity Manager, Stop IBM Security Identity Manager)
- Self Password Change (Change Password, Reset Password)
- Service Management (Add, Add Adoption Rule, Delete, Delete Adoption Rule, Modify, Modify Adoption Rule)
- Service Policy Enforcement (Correct Non-Compliant, Mark Non-Compliant, Suspend Non-Compliant, Use Global Setting, Use Workflow For Non-Compliant)
Audited information specifically includes:
- The identity of the user who takes the action.
- The time the action was taken.
- The type of action taken.
- The data affected by the action.
Properties used to configure how the auditing feature behaves.
IBM Security Identity Manager audit configuration settings
itim.auditing
Specifies whether to enable or disable auditing for IBM Security Identity Manager events.
Valid values include:
- true – IBM Security Identity Manager events are audited
- false – IBM Security Identity Manager events are not audited, regardless of the settings of individual events or categories
Example (default):
itim.auditing=true
itim.auditing.retrycount
The number of times auditing is tried again in case of failure.
Valid values include any integer.
Example (default):
itim.auditing.retrycount=1
itim.auditing.retrydelay
The wait time in milliseconds before trying again.
Example (default):
itim.auditing.retrydelay=5000
enrole.auditing.errorpopup.enabled
Enables or disables the process failure display.
Example (default):
enrole.auditing.errorpopup.enabled=false
enrole.auditing.errorpopup.fields
The process failure display always contains these attributes and their values: {name, subject, type, result_summary}
You can additionally specify one or more of these attributes: {subject, comments, name, type, requester_type, requester_name, description, scheduled, started, completed, lastmodified, submitted, state, notify, requestee_name, subject_profile, subject_service, result_summary, result_detail}
Example:
enrole.auditing.errorpopup.fields=subject, comments
enrole.auditing.errorpopup.textwrap
Specifies whether the text wraps at the end of the display.
Example (default):
enrole.auditing.errorpopup.textwrap=false
enrole.auditing.pageSize
Specifies the page size, in lines, used when displaying unsuccessful processes or activities on the failed activity popup.
Example (default):
enrole.auditing.pageSize=10
enrole.auditing.pageLinkMax
Number of page links for multi-page result sets on the failed activity.
Example (default):
enrole.auditing.pageLinkMax=10
enrole.auditing.viewRequests.skipServiceLookup.customProcessTypes
Do not change this property key and value unless you are a qualified administrator.
Specifies the custom process type that does not have a service or an account as subject data in the input parameters of its corresponding workflow operation.
To use this property, add it to the enroleAuditing.properties file with a custom process type value. For more information, see Managing the server properties.
Valid values: A comma-separated custom process type value.
Example (default):
enrole.auditing.viewRequests.skipServiceLookup.customProcessTypes=CP
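A configuration check for the settings described above, as an added example that is not IBM's code: it parses an enroleAuditing.properties file and flags an itim.auditing value other than true, non-integer retry values, and enrole.auditing.errorpopup.fields entries outside the documented attribute list. The function names, the sample file contents, and the assumption that itim.auditing.retrydelay must be an integer are this example's own.

```python
import re
# Added example; parse_properties and check_auditing are hypothetical helper names.
# Attribute names copied from the enrole.auditing.errorpopup.fields entry on this page.
ALLOWED_POPUP_FIELDS = {
    "subject", "comments", "name", "type", "requester_type", "requester_name",
    "description", "scheduled", "started", "completed", "lastmodified",
    "submitted", "state", "notify", "requestee_name", "subject_profile",
    "subject_service", "result_summary", "result_detail",
}
# Assumption: retrydelay (milliseconds) must be an integer, like retrycount.
INTEGER_KEYS = ("itim.auditing.retrycount", "itim.auditing.retrydelay")

def parse_properties(text):
    """Minimal key=value parser; ignores line continuations and escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_auditing(props):
    findings = []
    master = props.get("itim.auditing")
    if master is None:
        findings.append("itim.auditing is not set; confirm the effective value")
    elif master.lower() != "true":
        findings.append(f"itim.auditing={master!r}: events are audited only when true")
    for key in INTEGER_KEYS:
        value = props.get(key)
        if value is not None and not re.fullmatch(r"-?\d+", value):
            findings.append(f"{key}={value!r} is not an integer")
    fields = props.get("enrole.auditing.errorpopup.fields", "")
    for name in (f.strip() for f in fields.split(",")):
        if name and name not in ALLOWED_POPUP_FIELDS:
            findings.append(f"errorpopup.fields: unknown attribute {name!r}")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
itim.auditing=false
itim.auditing.retrycount=one
itim.auditing.retrydelay=5000
enrole.auditing.errorpopup.fields=subject, comments, owner
"""
if __name__ == "__main__":
    for finding in check_auditing(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```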