Troubleshooting
Problem
In iBase Security Manager, an iBase user is defined as an Active Directory Group. For example a Group "MYDOMAIN\iBase Users" is created in AD, and all iBase users placed in this Group.
A member of the "iBase Users" group logs in to iBase, and updates a record. For example, "MYDOMAIN\FredAnalyst" is a member of "MYDOMAIN\iBase Users".
FredAnalyst logs into iBase as a member of "MYDOMAIN\iBase Users" and updates an Entity record.
The Update User for that change is shown in iBase as "MYDOMAIN\iBase Users", not as "MYDOMAIN\FredAnalyst"
Cause
This is normal and expected behaviour in iBase. If the user logs in to iBase as the member of an Active Directory Group, they are tracked by their Group identity, not their individual User identity.
Resolving The Problem
There are a couple of possible workarounds:
1) Define all iBase users using individual Active Directory user accounts, not as an Active Directory Group.
The "Update user" property of any records that the user modifies will be associated with their individual user identity, not a Group.
2) Turn on Auditing for the database. The iBase Audit log still records the user as the Group name; but the "Network Login" column of the Audit log shows the client machine name, and the individual user name, of the user:
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSXW43","label":"i2 iBase"},"ARM Category":[{"code":"a8m500000008ZHtAAM","label":"i2 iBase and i2 Analyst's WorkStation"}],"Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions","Type":"MASTER"}]
Historical Number
TS005761221
Was this topic helpful?
Document Information
Modified date:
07 June 2021
UID
ibm16459021