IBM Security Privileged Identity Manager, Version 2.0.2

Auditing schema tables

You can use auditing schema to track credential management, credential pool management, credential lease management, and shared access policy management. The audit event schema has a common base event table, audit_event, which contains fields common to all audit events.

Separate tables are created for an event type only if that event type contains attributes, which are not generic enough to keep in a common table. As a rule, any element that is common to most audit events is kept in the audit_event container table. This design choice helps reduce the number of table joins when event data is queried.

The auditing event information is in the following tables:

Table 1. Auditing schema tables
Event Category	Table Name
Application ID management	No event-specific table
Credential management	No event-specific table
Credential Pool management	No event-specific table
Credential Lease management	`AUDIT_MGMT_LEASE` This table is used only if the action is Checkout or if the credential is a pool member.
Shared Access Policy management	No event-specific table

AUDIT_EVENT table
The AUDIT_EVENT table is common for all audit events. However, the value for some columns is different depending on the event. See the specific event for the column values.
IBM Security Privileged Identity Manager authentication
This section describes the columns used by events related to IBM® Security Privileged Identity Manager authentication operations.
Person management
This section describes the columns used by events related to Person management, such as add, modify, delete, suspend, transfer, and restore.
Delegate authority
This section describes events related to delegate authority, such as add and modify.
Policy management
This section describes events related to IBM Security Privileged Identity Manager polices, such as password policies.
ACI management
This section describes the columns used by events related to IBM Security Privileged Identity Manager access control information (ACI).
Access request management
Access request management describes the audit data that supports the viewing of access requests that are submitted through the Identity Service Center user interface.
Manual activity events
This section describes events that are related to manual activities. Some examples of manual activities include approvals, requests for information, and work orders.
Lifecycle rule events
When a lifecycle rule is run, information about who submitted the request is audited. If the lifecycle rule creates other root workflow processes, a lifecycle rule event is audited for each created root workflow process.
Account management
These AUDIT_EVENT columns are used by events that are related to account management, such as add, modify, suspend, restore, delete, admin change password, password pickup, and adopt.
Database views
The tables described in this section are used for database views.
Container management
This section describes the columns used by events related to events specific to container management, such as add, modify, and delete.
Organization role management
This section describes the columns used by events related to organization role management, such as add, modify, and delete.
Group management
These AUDIT_EVENT columns are used by events that are related to group management, such as add, modify, and delete.
Service management
This section describes the columns used by event-specific to service, such as add, modify, and delete.
Reconciliation
This section describes the columns used by events specific to reconciliation, such as runRecon, setServiceParams, and setReconUnit.
Entitlement workflow management
This section describes the columns used by events specific to custom workflow management, such as add, modify, and delete.
Entity operation management
This section describes the columns used by events specific to system workflow management, such as add, modify, and delete.
System configuration
This section describes the columns used by events specific to IBM Security Privileged Identity Manager configuration performed through the Configuration tab.
Runtime events
This section describes the columns used by event related to IBM Security Privileged Identity Manager start and stop events.
Self-password change
This section describes the columns that are used by events that are related to password change.
Credential management
This section describes the columns used by events related to Credential management. For example, add to vault, modify, delete, register password, view password history, or get password for non-exclusive credential.
Credential Pool management
This section describes the columns used by events related to Credential Pool management, such as add, modify, or delete.
Credential Lease management
This section describes the columns used by events related to Credential Lease management. For example, check out, check in, get password, notify expired lease, or notify and check in expired lease.
Shared Access Policy management
This section describes the columns used by events related to Shared Access Policy management, such as add, modify, or delete.
Application ID management
The audit log monitors all activities of an application instance's registration and credential retrieval for OAuth 2.0 Token authentication.

Parent topic: Schema reference

Feedback