Displaying Logged Data Changes
Individual data changes to the process view are displayed in the document view in the form of a log.
To show recorded data changes:
- To show all data changes that were run within a process, select the process in the process data form and click Show logs for this process in the context menu.
- To show all data changes carried out by the current user, click
in the process data form.
- To show all of an object's data changes, select the object in the result list and click
in the process data form.
The data changes log shows the following information.
| Information | Meaning |
|---|---|
| Change history | This shows the affected object and the changed properties. To give a better overview, objects are grouped according to the table to which the dataset belongs. |
| Change date | Time of action. |
| Changed by | User who made the changes. |
| Old value | Column value before the change. |
| New value | Column value after the change. |
| Icon | Meaning |
|---|---|
 |
Column |
 |
Table |
 |
Foreign key |
 |
Object |
Use the following functions to further track data changes
- Show a specific object from the change history
Select the entry for the object in the log and click
. Loads the object and opens the overview form.
- Show a referenced object from the change history
- Select the entry for the object in the log and click
. The display switches to the originally referenced (old) object and the overview form is opened.
- Select the entry for the object in the log and click
. The display switches to the newly referenced object and the overview form is opened.
- Select the entry for the object in the log and click
Related Topics
Analyzing Historical Data with TimeTrace
Use the TimeTrace function to track changes to an object that were made up to any point in the past. In its analysis, the TimeTrace function includes the data changes saved to the One Identity Manager database as well as the records stored in a One Identity Manager History Database. You can use this to find out who had which permissions at which point in time. You can apply historical data to the current object and restore the object to the status prior to the change.
Figure 40: Analyzing historical data
The prerequisite for using the TimeTrace is that data changes are logged within the process monitoring system. Data changes that are saved in the One Identity Manager database can be analyzed immediately. The One Identity Manager History Database must be declared in the One Identity Manager database if archived data is to be included in the TimeTrace function. Historical data is displayed in the TimeTrace view in the Manager.
Prerequisite for displaying the TimeTrace view:
- The TimeTrace view is available only if the configuration parameter "Common\ProcessState" is enabled and the process for logging data changes is configured.
- The current user must be able to access the program function "Option to show TimeTrace" (Common_TimeTrace) via their system user.
To link a History Database into a TimeTrace
- Select the category Base Data | General | TimeTrace databases in the Designer.
- Select the menu item Object | New.
- Enter the One Identity Manager History Database's name.
- Declare the Connection parameter .
- Open the connection data dialog box using the [...] button next to the text box.
- Enter the database connection data for the One Identity Manager History Database.
Table 54: SQL Server Database Connection Data Data Description Server
Database server.
Windows authentication
Specifies whether Windows authentication is used.
This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
User
Database user.
Password
Database user password.
Database
Database.
Table 55: Oracle Database Connection Data Data Description Direct access (without Oracle client) Set this option for direct access. Deactivate this option for access via Oracle Clients.
Which connection data is required, depends on how this option is set.
Server Database server. Port Oracle instance port. Service name Service name. User Oracle database user. Password Database user password. Data source TNS alias name from TNSNames.ora. - Click OK.
- Save the changes.
|
|
NOTE: Set the option Disabled to disable the connection at a later time. If a One Identity Manager History Database is disabled, it is not taken into account when determining change data in the TimeTrace. |
Related Topics
- One Identity Manager Configuration Guide
- Displaying Change Data
Displaying Change Data
To display an object's change data:
- In the Manager, open the TimeTrace view by clicking View | TimeTrace on the menu.
- In the Manager, select the object.
- In the TimeTrace view, click
to enable the change history for this object.
- Use the
filter (time range) in the toolbar of the TimeTrace view to set the period for which you want to load the change data. The changes are identified from the One Identity Manager database and the related history databases.
All change time stamps in the time frame that has been loaded are now shown in the overview below the timeline.
|
|
NOTE: To show changes to assignments for an object, such as a person's assignment to a department, or a resource's assignment to an organization, select the relevant assignment form from the task view. In the TimeTrace view you can then also select a source for which you wish to show changes. There is an additional selection list Source in which you can select the relevant assignment or base object. |
To select a change time stamp on the timeline:
- Click a label below the timeline to show a part of the timeline in more detail.
- Each change time stamp has a label showing the date and time. There is a tooltip for each change, showing which items of data were changed and by whom.
- Select a change time stamp on the timeline or on the label.
- If there are multiple change time stamps which are very close together, when you select a time stamp a context menu appears from which you can choose the specific change time stamp.
- Click the timeline or use Ctrl + Mouse Wheel to zoom in/out of multiple change time stamps that are situated close together.
When you select a change time stamp in TimeTrace, the program's document view opens the object's master data form or the assignment form. Use the timeline or quick edit a label to choose if you want the object settings or assignments to be displayed in the master data form before or after the changes have been made.
If an object property has a historical value, this is indicated by an
You can apply historical data to the current object and restore the object to the status prior to the change.
To apply the historic values:
- Click the icon
Table 56: Properties for applying historical data Data Meaning Property These properties are changed when you apply the historical value. The changes are made immediately or through templates. New value Value of the property; the historical value will then be saved Old value Shows the current value of the property. This value is overwritten if the historical value is saved. - Click Save.
Scheduling Operations Activation Times
| Configuration Parameter | Meaning |
|---|---|
| Common\DeferredOperation | Preprocessor-relevant configuration parameters to record deferred operations. If this parameter is enabled, you can defer running an operation. Changes to the parameter require recompiling the database. |
To run operations later rather than immediately, you can set a run time for individual operations in the Manager. A run time can be scheduled for various operations. As well as the standard operations such as creating, changing and deleting an object, you can arrange for customized methods and events to be run. The DBQueue Processor checks for scheduled operations and triggers the operation to run when the set time is reached.
To schedule an activation time
- Set the configuration parameter "Common\DeferredOperation" in the Designer and compile the database.