One more configuration setting for Management History determines the size of the Change Tracking log. The log stores information about requests to change directory data, one record per request. Each record includes information about the changes to a certain object that were made in accordance with a certain change request.
You can configure the maximum number of records by managing properties of the Change Tracking Log Configuration object, located in the Configuration/Server Configuration container.
On the Log Settings tab in the Properties dialog box for that object, you can select one of the following options:
By default, the Change Tracking log is configured to store information about requests that occurred within the last 30 days. Information about change requests is written to the log so that new requests replace those that are older than 30 days. If you increase this number, do it carefully. Increasing this number significantly increases the size of the log. If you are planning to change this setting, you should first review the Considerations and best practices section earlier in this chapter.
NOTE: The Change Tracking log is used as the source of information on both Change History and User Activity. The volume of requests held in the log equally determines the Change History retention time and the User Activity retention time.
On the Log Record Size tab, you can choose from options that reduce the size of the Change Tracking log by logging detailed information about only a limited number of change requests, with only basic information logged, and thus included in the reports, for the other change requests. If the log record of a given change request contains detailed information, then the report on that request provides information about all changes made, along with all policies and workflows performed, by Active Roles when processing the request. Otherwise, the report provides information only about the changes to the object properties made in accordance with the request. Although storing only basic log records results in fewer details in the reports, doing so may considerably decrease the size of the Management History database. The following options are available:
By default, the Management History data is stored in the Active Roles configuration databases. So, if you have Active Roles replication configured as described in the Configuring replication section later in this document, the Management History data is replicated between Administration Services along with the configuration data. Given a large volume of the Management History data, this may cause considerable network traffic.
You can turn off replication of Management History data so as to reduce network traffic. However, doing so causes each database server to maintain a separate Management History data store. The result is that you can use Management History to examine the changes that were made only through the Administration Services that use the same database as the Administration Service you are connected to.
To sum up, the implications of turning off replication of Management History data are as follows:
As the Active Roles console or Web Interface automatically selects the Service to connect to, you may encounter different reports for the same target object or user account during different connection sessions.
Active Roles uses the Management History storage to hold approval, temporal group membership, and deprovisioning tasks. Without synchronizing information between Management History storages, such a task created by one of the Administration Services may not be present on other Administration Services. As a result, the behavior of the Active Roles console or Web Interface varies depending on the chosen Administration Service.
Turning off replication of Management History data has no effect on replication of the other data pertinent to the configuration of Active Roles. Only the Management History-related portion of the configuration database is excluded from Active Roles replication.
The instructions on how to turn off replication of Management History data depend upon whether Active Roles replication is already configured.
When initially configuring Active Roles replication, you can ensure that the Management History data will not participate in Active Roles replication by assigning the Publisher role as follows (for definitions of the replication roles, see Configuring replication later in this document):
Then, you can configure Active Roles replication by using the Active Roles console as described in the Configuring replication section later in this document: Use the Add Replication Partner command on the database in the Configuration Databases container to add Subscribers to the Publisher you have configured.
This section outlines how to turn off replication of Management History data when Active Roles replication is already configured as described in the Configuring replication section later in this document. You need to first delete all Subscribers for Management History data, and then demote the Publisher for Management History data. This only stops replication of Management History data, leaving the other replication functions intact.
To turn off replication of Management History data