Audit of attribute value change: is the old value available?

  • Question

  • When changing the value of a user attribute in the FIM Portal, the new attribute value is properly logged. This can be read in the request and in the standard report FIMUserHistory.

    The question is, what about the old value that was replaced? Is the old value available in the Data Warehouse somewhere, so one can make a report, or is it gone forever (of course one can find the old value by looking at the previous attribute change or creation event, but this could be too long ago)?

    Thanks for helping,

    Didier.

    Friday, February 14, 2014 12:52 PM

Answers

  • Thanks Dominik.
    I did take a closer look at the data warehouse (especially the DWDataMart database, which is the data source of the reports), and there is no "old value" column to find.
    So you're right, the only way is to find the previous value by going back in the history (whether it is a create or change request).

    Case closed.

    • Marked as answer by DidierR Sunday, February 16, 2014 10:26 PM
    Sunday, February 16, 2014 10:26 PM

All replies

  • Depending on what you want to audit, you can install the FIM reporting component, which gives you an audit trail through a bunch of in-built reports. You can also write your own reports and customise the output.

    Another option is to use the FIM PowerShell module to export all the Request data to a file or to a database and run some script which can pull out the attribute you are interested in. This link can help with that:

    http://social.technet.microsoft.com/wiki/contents/articles/7880.how-to-use-powershell-to-export-fim-requests-to-a-databasefile.aspx

    Friday, February 14, 2014 5:03 PM
  • Thanks. I actually have FIM reporting up and running (with SCSM DW and SSRS) and I could run and see the result of the built-in report. The fact is that there is no "Old value" column on the report.

    Therefore I'm wondering if this information is available at all (I have not yet taken the time to look in detail in the data warehouse).

    Friday, February 14, 2014 10:00 PM
  • As far as I remember (I don't have access to test FIM Reporting now), in the reports stored in the Data Warehouse there is no such thing as an "old value". But as far as I remember, very old data is also stored there, so there can be something like:
    User: JJK003 -> New attribute (mail) value: jjk003@test.com (12.12.2013)

    User: JJK003 -> New attribute (mail) value: jjk003@production.local (12.02.2014)

    So, if you look closely at the history and sort it by user, you can determine what the old value was.

    http://technet.microsoft.com/en-us/library/jj133843(v=ws.10).aspx

    In the report, you always have the most recent display name of the user and of the attribute, but the history should show what value was inserted a long time ago and what value was set a week ago; then you know what value was there previously.

    But please be aware that users report, according to TechNet, does not include all properties:

    This report provides information about changes to key attributes on user resources in FIM, including account name, email, job title, and employee start/end date.


    Keep trying


    Saturday, February 15, 2014 9:34 AM
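
The reconstruction described in the reply above (sort the history per user and read the preceding entry as the old value), as an added example that is not part of the original thread or of FIM itself. The column names, the `dd.MM.yyyy` date format and the function name `Get-AttributeChangeTrail` are assumptions; the sample rows are constructed, reusing the two `JJK003` entries quoted above.

```powershell
# Constructed sample rows standing in for an export of FIM request history.
# Column names (Account, Attribute, NewValue, Committed) are assumptions, not FIM's schema.
$history = @'
Account,Attribute,NewValue,Committed
JJK003,mail,jjk003@production.local,12.02.2014
JJK003,mail,jjk003@test.com,12.12.2013
JJK003,jobTitle,Engineer,01.11.2013
ABC001,mail,abc001@test.com,05.01.2014
'@ | ConvertFrom-Csv

function Get-AttributeChangeTrail {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [string] $DateFormat = 'dd.MM.yyyy'   # assumed export format
    )
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    # Parse the date once so ordering is chronological, not textual.
    $parsed = foreach ($r in $Rows) {
        [pscustomobject]@{
            Account   = $r.Account
            Attribute = $r.Attribute
            NewValue  = $r.NewValue
            Committed = [datetime]::ParseExact($r.Committed, $DateFormat, $culture)
        }
    }
    # One timeline per (account, attribute) pair.
    foreach ($g in ($parsed | Group-Object Account, Attribute)) {
        $previous = $null
        foreach ($e in ($g.Group | Sort-Object Committed)) {
            [pscustomobject]@{
                Account   = $e.Account
                Attribute = $e.Attribute
                Committed = $e.Committed
                # The first event in a timeline has no earlier entry to read from.
                OldValue  = if ($null -eq $previous) { '<none recorded>' } else { $previous.NewValue }
                NewValue  = $e.NewValue
            }
            $previous = $e
        }
    }
}

Get-AttributeChangeTrail -Rows $history |
    Sort-Object Account, Attribute, Committed |
    Format-Table -AutoSize
```

An `OldValue` of `<none recorded>` means only that no earlier entry exists in the exported history, which is the case the question raises when the previous change lies outside the available data.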