User and group management events
User and group management consists of the following events: creation and removal of users and groups, user group membership changes, and user credential changes.
User and group management events can be logged only if the User Registry Configuration is set to InfoSphere Information Server User Registry. These events cannot be logged when the User Registry Configuration is set to Application Server Registry, for example when the application server is configured to use LDAP for user authentication. In those configurations, users and groups are managed through external tools, so IBM® InfoSphere® Information Server is not involved in the management of these resources and is not aware when changes are made.
The following event messages are logged with parameters that describe the subjects that are changed or created. The (caller) indicated in each message is the user ID of the caller of the event method:
ADD_USER (caller): UserID="xxx", LastName="xxx", FirstName="xxx"
- Logged when a new user is created in the InfoSphere Information Server console, Web console, or DirectoryCommand command line tool. New users created through the DirectoryAdmin command line tool on the server do not log an audit event. However, these users cannot log in to InfoSphere Information Server until they are assigned at least the SuiteUser Security Role through the InfoSphere Information Server console or Web console. This security assignment is audited. The DirectoryAdmin command line tool is available only on the server-side installation, which has restricted access. This command cannot be executed on a client-side installation.
ADD_GROUP (caller): GroupID="xxx", GroupName="xxx"
- Logged when a group is created in the InfoSphere Information Server console, Web console, or DirectoryCommand command line tool.
DELETE_USERS (caller): UserIDs="xxx, yyy"
- Logged when users are deleted through the InfoSphere Information Server console or Web console. Deleting ALL USERS through the DirectoryAdmin command line tool on the server does not log an audit event. This is not a typical action and is used only in a recovery-type operation.
DELETE_GROUPS (caller): GroupIDs="xxx, yyy"
- Logged when groups are deleted through the InfoSphere Information Server console or Web console. Deleting ALL GROUPS through the DirectoryAdmin command line tool on the server does not log an audit event. This is not a typical action and is used only in a recovery-type operation.
ADD_USERS_TO_GROUPS (caller): UserIDs="xxx, yyy", GroupIDs="xxx, yyy"
- Logged when users are added to groups in the InfoSphere Information Server console, Web console, or DirectoryCommand command line tool.
DELETE_USERS_FROM_GROUPS (caller): UserIDs="xxx, yyy", GroupIDs="xxx, yyy"
- Logged when users are removed from groups in the InfoSphere Information Server console or Web console.
CHANGE_PASSWORD (caller): UserID="xxx"
- Logged when the Change Password action is used in the InfoSphere Information Server console or Web console to change the password of the user who is currently logged in.
SET_CREDENTIAL (caller): UserID="xxx"
- Logged when a password is changed for any user by an administrator in the InfoSphere Information Server console or Web console. Changing a user's password through the DirectoryAdmin command line tool on the server does not log an audit event.
REMOVE_CREDENTIAL (caller): UserIDs="xxx, yyy"
- Logged when a password is cleared for one or more users.
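For audit review, the message formats listed above can be parsed into structured records and checked for credential changes made by someone other than the affected user. The following Python sketch is an added example, not IBM code; the function names, the user IDs in the sample and the assumption that any text before the event name can be ignored are all illustrative.

```python
import re
# Event names and their parameters, as listed on this page.
EVENTS = {
    "ADD_USER": ("UserID", "LastName", "FirstName"),
    "ADD_GROUP": ("GroupID", "GroupName"),
    "DELETE_USERS": ("UserIDs",),
    "DELETE_GROUPS": ("GroupIDs",),
    "ADD_USERS_TO_GROUPS": ("UserIDs", "GroupIDs"),
    "DELETE_USERS_FROM_GROUPS": ("UserIDs", "GroupIDs"),
    "CHANGE_PASSWORD": ("UserID",),
    "SET_CREDENTIAL": ("UserID",),
    "REMOVE_CREDENTIAL": ("UserIDs",),
}
HEAD = re.compile(r'(?P<event>[A-Z_]+) \((?P<caller>[^)]*)\): (?P<params>.*)')
# Accept straight or typographic double quotes around values.
PARAM = re.compile(r'(\w+)=["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]')

def parse_event(message):
    """Return a dict for a documented event message, or None."""
    m = HEAD.search(message)
    if not m or m["event"] not in EVENTS:
        return None
    params = {}
    for key, value in PARAM.findall(m["params"]):
        # Plural keys (UserIDs, GroupIDs) hold comma-separated lists.
        params[key] = [v.strip() for v in value.split(",")] if key.endswith("IDs") else value
    if set(params) != set(EVENTS[m["event"]]):
        return None  # parameters do not match the documented shape
    return {"event": m["event"], "caller": m["caller"], "params": params}

def credential_changes_by_others(messages):
    """Credential events where the caller is not the affected user."""
    hits = []
    for msg in messages:
        ev = parse_event(msg)
        if not ev or ev["event"] not in ("SET_CREDENTIAL", "REMOVE_CREDENTIAL"):
            continue
        targets = ev["params"].get("UserIDs") or [ev["params"]["UserID"]]
        hits += [(ev["event"], ev["caller"], t) for t in targets if t != ev["caller"]]
    return hits

# Constructed sample messages (not taken from a real audit log).
SAMPLE = [
    'ADD_USERS_TO_GROUPS (isadmin): UserIDs="jdoe, asmith", GroupIDs="dsadmins"',
    'CHANGE_PASSWORD (jdoe): UserID="jdoe"',
    'SET_CREDENTIAL (isadmin): UserID="asmith"',
    'REMOVE_CREDENTIAL (opsuser): UserIDs="jdoe, opsuser"',
]
```

Because DirectoryAdmin operations on the server do not log audit events, an empty result from a review like this does not show that no users, groups or passwords were changed on the server itself.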