Audit Overview

The Audit tab allows both viewing and downloading records from the audit trail table for all portal operations. It is accessible when portalMode is enabled and the user has the Audit User role set in the Users tab.

You can define multiple filters to refine the records displayed. For example, you can specify a date range using "Since" (start date) and "Until" (end date) or apply filters based on specific column values. Multiple filters can be combined to narrow down the results effectively. Additionally, you have the option to download the filtered data to a text file. To ensure the filters apply to the downloaded data, check the box labeled "Include filters" in the dropdown menu next to the Download button. This way, only the records matching your selected criteria will be included in the download. If the "Include filters" checkbox is not selected, all records will be downloaded regardless of the applied filters.

Note: Records marked with a light blue background pertain to roles, not the entire session, for easier browsing.

Note: By default, the time is displayed in the time zone of the Central Manager. This time zone can be identified in the column names Log Timestamp, Session Start Timestamp and Session End Timestamp, where the corresponding time zone information is appended, e.g., "UTC +1". In cases where the client is in a different time zone, the time is still shown in the Central Manager's time zone by default. However, the user can optionally select the Local Timezone checkbox, which will adjust all timestamps to the client's current time zone. Furthermore, when the Local Timezone checkbox is selected, the times entered in the filters can be provided in your local time zone, and they will be automatically converted accordingly. Additionally, records downloaded via the Download Records button will always be provided in the time zone of the Central Manager, with the corresponding time zone information included in the column names containing timestamps.

Each record represents one of the possible states. Here are the explanations:

  • APPROVED - Indicates that a role or session has been approved by an approver or was auto-approved if approvals needed is set to 0.
  • CANCELED - Indicates that the session was canceled and ended by the user who initially requested it.
  • CREATED - Indicates that the session was created.
  • DENIED - Indicates that a role, and consequently the session, was denied by an approver.
  • EXPIRED - Indicates that the session's time has run out and it has been terminated.
  • GRANTED - Indicates that the session has started as its scheduled start time has arrived.
  • TERMINATED - Indicates that the session was terminated by an admin.

Additionally, there is an option to view session details by hovering over its ID in the Session ID column. A small popup will display basic information about the session, including all roles and the justification provided by the requester.

Example:

In the screenshot above, we see example audit records for a session with ID 68. Reading from the bottom, we have the following information:

  1. Mark requested the session for roles role1 and role3. The session received the status CREATED, but it is not yet granted and is waiting for approvals.
  2. The user admin approves the role role3. A record with the APPROVED status, empty fields for session start time, end time, and a light blue background indicates that this record pertains to a role(s).
  3. Similarly, the user john approves the role role1.
  4. After receiving approvals for role1 and role3, the session changes its status to APPROVED. However, the text TBD in the session username column means that the session username has not yet been generated because the session has not started. If the session had already started, the session username field would display the name of the session user.
  5. The next record indicates that the session start time has arrived, and the session is marked as GRANTED, with the session user now created. From this point on, the created user has the requested roles and can log into the database.
  6. Finally, Mark decided he no longer needed the session, so he canceled it. The session changed its status to CANCELED, and the session user was removed from the database, meaning it can no longer be used.