I have been working a while with ITIM 5.1 and for audit purposes I want a log of all account changes on an attribute level. For account changes executed from within the gui I see a full report of which attributes were changed specifying the new and old value. But I started noticing that there are a number of scenarios when account details are not logged. I can find the change request and see that the account was changed but I cannot find out which attributes were changed. Even when looking directly in the PROCESS and PROCESSLOG tables I could not found this information.
Some of the scenarios are
* account is create as a result of a policy enforcement
* account changes triggered by "change policy enforcement action"
I was thinking about change the account operations to provide this extra logging or are there better solutions