Appendix B Audit Log Database Schema
This appendix provides information about audit data schema values for the supported database types and audit log database mappings.
Oracle Database Type
Table B–4 lists the data schema values for the Oracle database type.
Table B–1 Data Schema Values for the Oracle Database Type|
Database Column |
Value |
|---|---|
|
id |
VARCHAR(50) NOT NULL |
|
name |
VARCHAR(128) NOT NULL |
|
repomod |
TIMESTAMP |
|
resourceName |
VARCHAR(128) |
|
accountName |
VARCHAR(50) |
|
objectType |
CHAR(2) |
|
objectName |
VARCHAR(128) |
|
action |
CHAR(2) |
|
actionDateTime |
CHAR(21) |
|
actionStatus |
CHAR(1) |
|
interface |
VARCHAR(50) |
|
server |
VARCHAR(128) |
|
subject |
VARCHAR(128) |
|
reason |
CHAR(2) |
|
message |
VARCHAR(255) or CLOB (See note1 at end of table.) |
|
acctAttrChanges |
VARCHAR(4000) or CLOB |
|
acctAttr01label |
VARCHAR(50) |
|
acctAttr01value |
VARCHAR(128) |
|
acctAttr02label |
VARCHAR(50) |
|
acctAttr02value |
VARCHAR(128) |
|
acctAttr03label |
VARCHAR(50) |
|
acctAttr03value |
VARCHAR(128) |
|
acctAttr04label |
VARCHAR(50) |
|
acctAttr04value |
VARCHAR(128) |
|
acctAttr05label |
VARCHAR(50) |
|
acctAttr05value |
VARCHAR(128) |
|
parm01label |
VARCHAR(50) |
|
parm01value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm02label |
VARCHAR(50) |
|
parm02value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm03label |
VARCHAR(50) |
|
parm03value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm04label |
VARCHAR(50) |
|
parm04value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm05label |
VARCHAR(50) |
|
parm05value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
sequence |
CHAR(19) |
|
xmlSize |
NUMBER(19,0) |
|
xml |
BLOB |
Note –
The column length limit for these columns is configurable. The default data type is VARCHAR and the default size limit is noted in parentheses. See Audit Log Configuration for information on how to adjust the size limit.
DB2 Database Type
Table B–2 lists the data schema values for the DB2 database type.
Table B–2 Data Schema Values for the DB2 Database Type|
Database Column |
Value |
|---|---|
|
id |
VARCHAR(50) NOT NULL |
|
name |
VARCHAR(128) NOT NULL |
|
repomod |
TIMESTAMP |
|
resourceName |
VARCHAR(128) |
|
accountName |
VARCHAR(50) |
|
objectType |
CHAR(2) |
|
objectName |
VARCHAR(128) |
|
action |
CHAR(2) |
|
actionDateTime |
CHAR(21) |
|
actionStatus |
CHAR(1) |
|
interface |
VARCHAR(50) |
|
server |
VARCHAR(128) |
|
subject |
VARCHAR(128) |
|
reason |
CHAR(2) |
|
message |
VARCHAR(255) or CLOB (See note1 at end of table.) |
|
acctAttrChanges |
CLOB(16M) |
|
acctAttr01label |
VARCHAR(50) |
|
acctAttr01value |
VARCHAR(128) |
|
acctAttr02label |
VARCHAR(50) |
|
acctAttr02value |
VARCHAR(128) |
|
acctAttr03label |
VARCHAR(50) |
|
acctAttr03value |
VARCHAR(128) |
|
acctAttr04label |
VARCHAR(50) |
|
acctAttr04value |
VARCHAR(128) |
|
acctAttr05label |
VARCHAR(50) |
|
acctAttr05value |
VARCHAR(128) |
|
parm01label |
VARCHAR(50) |
|
parm01value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm02label |
VARCHAR(50) |
|
parm02value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm03label |
VARCHAR(50) |
|
parm03value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm04label |
VARCHAR(50) |
|
parm04value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm05label |
VARCHAR(50) |
|
parm05value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
sequence |
CHAR(19) |
|
xmlSize |
DECIMAL(19,0) |
|
xml |
CLOB(16M) |
Note –
The column length limit for these columns is configurable. The default data type is VARCHAR and the default size limit is noted in parentheses. See Audit Log Configuration for information on how to adjust the size limit.
MySQL Database Type
Table B–3 lists the data schema values for the MySQL database type.
Table B–3 Data Schema Values for the MySQL Database Type|
Database Column |
Value |
|---|---|
|
id |
VARCHAR(50) BINARY NOT NULL |
|
name |
VARCHAR(128) BINARY NOT NULL |
|
repomod |
TIMESTAMP |
|
resourceName |
VARCHAR(128) |
|
accountName |
VARCHAR(255) |
|
objectType |
CHAR(2) |
|
objectName |
VARCHAR(128) |
|
action |
CHAR(2) |
|
actionDateTime |
CHAR(21) |
|
actionStatus |
CHAR(1) |
|
interface |
VARCHAR(50) |
|
server |
VARCHAR(128) |
|
subject |
VARCHAR(128) |
|
reason |
CHAR(2) |
|
message |
VARCHAR(255) or CLOB (See note1 at end of table.) |
|
acctAttrChanges |
TEXT |
|
acctAttr01label |
VARCHAR(50) |
|
acctAttr01value |
VARCHAR(128) |
|
acctAttr02label |
VARCHAR(50) |
|
acctAttr02value |
VARCHAR(128) |
|
acctAttr03label |
VARCHAR(50) |
|
acctAttr03value |
VARCHAR(128) |
|
acctAttr04label |
VARCHAR(50) |
|
acctAttr04value |
VARCHAR(128) |
|
acctAttr05label |
VARCHAR(50) |
|
acctAttr05value |
VARCHAR(128) |
|
parm01label |
VARCHAR(50) |
|
parm01value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm02label |
VARCHAR(50) |
|
parm02value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm03label |
VARCHAR(50) |
|
parm03value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm04label |
VARCHAR(50) |
|
parm04value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm05label |
VARCHAR(50) |
|
parm05value |
VARCHAR(128) or CLOB (See note1 at end of table.) |
|
sequence |
CHAR(19) |
|
xmlSize |
BIGINT |
|
xml |
MEDIUMTEXT |
Note –
The column length limit for these columns is configurable. The default data type is VARCHAR and the default size limit is noted in parentheses. See Audit Log Configuration for information on how to adjust the size limit.
SQL Server Database Type
Table B–4 lists the data schema values for the SQL Server database type.
Table B–4 Data Schema Values for the SQL Server Database Type|
Database Column |
Value |
|---|---|
|
id |
NVARCHAR(50) NOT NULL |
|
name |
NVARCHAR(128) NOT NULL |
|
repomod |
DATETIME NOT NULL CURRENT_TIMESTAMP |
|
resourceName |
NVARCHAR(128) |
|
accountName |
NVARCHAR(255) |
|
objectType |
NCHAR(2) |
|
objectName |
NVARCHAR(128) |
|
action |
NCHAR(2) |
|
actionDateTime |
NCHAR(21) |
|
actionStatus |
NCHAR(1) |
|
interface |
NVARCHAR(50) |
|
server |
NVARCHAR(128) |
|
subject |
NVARCHAR(128) |
|
reason |
NCHAR(2) |
|
message |
NVARCHAR(255) or CLOB (See note1 at end of table.) |
|
acctAttrChanges |
NTEXT |
|
acctAttr01label |
NVARCHAR(50) |
|
acctAttr01value |
NVARCHAR(128) |
|
acctAttr02label |
NVARCHAR(50) |
|
acctAttr02value |
NVARCHAR(128) |
|
acctAttr03label |
NVARCHAR(50) |
|
acctAttr03value |
NVARCHAR(128) |
|
acctAttr04label |
NVARCHAR(50) |
|
acctAttr04value |
NVARCHAR(128) |
|
acctAttr05label |
NVARCHAR(50) |
|
acctAttr05value |
NVARCHAR(128) |
|
parm01label |
NVARCHAR(50) |
|
parm01value |
NVARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm02label |
NVARCHAR(50) |
|
parm02value |
NVARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm03label |
NVARCHAR(50) |
|
parm03value |
NVARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm04label |
NVARCHAR(50) |
|
parm04value |
NVARCHAR(128) or CLOB (See note1 at end of table.) |
|
parm05label |
NVARCHAR(50) |
|
parm05value |
NVARCHAR(128) or CLOB (See note1 at end of table.) |
|
sequence |
NTEXT |
|
xmlSize |
NUMERIC(19,0) |
|
xml |
NTEXT |
Note –
The column length limit for these columns is configurable. The default data type is VARCHAR and the default size limit is noted in parentheses. See Audit Log Configuration for information on how to adjust the size limit.
Audit Log Database Mappings
Table B–5 contains the mappings between stored audit log database keys and the display string to which they map in the audit report output. Waveset stores items that are used as constants as short database keys to save space in the repository. The product interface does not display these mappings. Instead, you see them only when examining the output of a dump of the audit report results.
Table B–6 contains the auditable action database keys, Table B–7 contains the action status keys, and Table B–8 contains the reason codes that are stored in the database as keys.
Table B–5 Object Key-Type Database Keys|
Type Name |
English Text |
DbKey |
|---|---|---|
|
AccessReview |
AccessReview |
AV |
|
AccessReviewWorkflow* |
Access Review Workflow |
AW |
|
AccessScan |
AccessScan |
AS |
|
Account |
Account |
AN |
|
AdminGroup |
Capability |
AG |
|
Administrator |
Administrator |
AD |
|
AdminRole |
Admin Role |
AR |
|
Application |
Resource Group |
AP |
|
AttributeDefinition |
AttributeDefinition |
AF |
|
AttrParse |
AttrParse |
AT |
|
AuditConfig |
AuditConfig |
AC |
|
AuditPolicy |
AuditPolicy |
CP |
|
BeanPod |
Bean Pod |
BP |
|
ComplianceViolation |
ComplianceViolation |
CV |
|
Configuration |
Configuration |
CN |
|
DataExporter |
Data Exporter |
DE |
|
Discovery |
Discovery |
DS |
|
Email* |
|
EM |
|
EmailTemplate |
EmailTemplate |
ET |
|
EncryptionKey |
EncryptionKey |
KY |
|
Event |
Event |
EV |
|
Extract |
Extract |
ER |
|
ExtractTask |
ExtractTask |
EX |
|
IDMXUser* |
Directory User |
UX |
|
LighthouseAccount* |
Identity System Account |
LA |
|
LoadConfig |
LoadConfig |
LD |
|
LoadTask |
LoadTask |
LT |
|
Log |
Log |
LG |
|
LoginApp |
LoginApp |
LP |
|
LoginConfig |
LoginConfig |
LC |
|
LoginModGroup |
LoginModGroup |
LF |
|
MetaView |
Meta View |
MV |
|
ObjectGroup |
Organization |
OG |
|
Policy |
Policy |
PO |
|
ProvisioningTask |
ProvisioningTask |
PT |
|
RemediationWorkflow* |
Remediation Workflow |
RW |
|
RemedyConfig |
RemedyConfig |
RC |
|
Resource |
Resource |
RS |
|
ResourceAccount* |
Resource Account |
RA |
|
ResourceAction |
ResourceAction |
RN |
|
ResourceForm |
ResourceForm |
RF |
|
ResourceObject |
ResourceObject |
RE |
|
RiskReportTask |
RiskReportTask |
RR |
|
Role |
Role |
RL |
|
Rule |
Rule |
RU |
|
SnapShot |
SnapShot |
SS |
|
ServerObject |
ServerObject |
SV |
|
SysLog |
SysLog |
SL |
|
System |
System |
SY |
|
TaskDefinition |
TaskDefinition |
TD |
|
TaskInstance |
TaskInstance |
TI |
|
TaskResult |
TaskResult |
TR |
|
TaskResultPage |
ResultPage |
TP |
|
TaskSchedule |
TaskSchedule |
TS |
|
TaskTemplate |
TaskTemplate |
TT |
|
TestNotification* |
Test Notification |
TN |
|
User |
User |
US |
|
UserEntitlement |
UserEntitlement |
UE |
|
UserForm |
UserForm |
UF |
|
WorkflowCase* |
Workflow Case |
WC |
|
WorkItem |
WorkItem |
WI |
|
XmlData |
XmlData |
XD |
Table B–6 Action Database Keys
|
Action Name |
English Text |
DbKey |
|---|---|---|
|
Allowed* |
Allowed |
AL |
|
Approve |
Approve |
AP |
|
Assign Audit Policies |
Assign Audit Policies |
AA |
|
Assign Capabilities |
Assign Capabilities |
AC |
|
AttestorApproved* |
Attestor Approved |
TA |
|
AttestorRejected* |
Attestor Rejected |
AR |
|
AttestorRemediate* |
Remediation Requested |
AF |
|
AttestorRescan* |
Rescan Requested |
AN |
|
Bulk Change Password |
Bulk Change Password |
BW |
|
Bulk Create |
Bulk Create |
BC |
|
Bulk Delete |
Bulk Delete |
BD |
|
Bulk Deprovision |
Bulk Deprovision |
BP |
|
Bulk Disable |
Bulk Disable |
BF |
|
Bulk Enable |
Bulk Enable |
BE |
|
Bulk Modify |
Bulk Modify |
BM |
|
Bulk Reset Password |
Bulk Reset Password |
BR |
|
Bulk Unassign |
Bulk Unassign |
BU |
|
Bulk Unlink |
Bulk Unlink |
BL |
|
Bypass Verify |
Bypass Verify |
BV |
|
CancelReconcile* |
Cancel Reconcile |
CR |
|
challengeResponse* |
Challenge Response |
CD |
|
Change Password |
Change Password |
CP |
|
Connect |
Connect |
CN |
|
Control Active Sync |
Control Active Sync |
CA |
|
Create |
Create |
CT |
|
CredentialsExpired* |
Credentials Expired |
CE |
|
Debug |
Debug |
DB |
|
Delegate |
Delegate |
DG |
|
Delete |
Delete |
DL |
|
Deprovision |
Deprovision |
DP |
|
Disable |
Disable |
DS |
|
Disconnect |
Disconnect |
DC |
|
Enable |
Enable |
EN |
|
End Activity |
End Activity |
EA |
|
End Process |
End Process |
PE |
|
End Workflow |
End Workflow |
EW |
|
Execute |
Execute |
LN |
|
Expired* |
Expired |
EX |
|
Export |
Export |
EP |
|
Fixed* |
Fixed |
FX |
|
Import |
Import |
IM |
|
List |
List |
LI |
|
Lock |
Lock |
LK |
|
Login |
Login |
LG |
|
Logout* |
Logout |
LO |
|
Mitigated* |
Mitigated |
VM |
|
Modify |
Modify |
MO |
|
Modify Active Sync |
Modify Active Sync |
MA |
|
NativeChange* |
Native Change |
NC |
|
Notify* |
Notify |
NO |
|
PostOperation* |
Post-Operation Callout |
PT |
|
PreOperation* |
Pre-Operation Callout |
PP |
|
Prioritize* |
Prioritize |
PR |
|
Provision |
Provision |
PV |
|
Recurring* |
Recurring |
RC |
|
Reject |
Reject |
RJ |
|
Remediated* |
Remediated |
VR |
|
Rename |
Rename |
RE |
|
RequestReconcile* |
Request Reconcile |
RR |
|
ResetPassword |
ResetPassword |
RP |
|
Run Debugger |
Run Debugger |
RD |
|
ScanBegin* |
Scan Begin |
SB |
|
ScanEnd* |
Scan End |
SE |
|
StartActivity* |
Start Activity |
SA |
|
StartProcess* |
Start Process |
SP |
|
StartWorkflow* |
Start Workflow |
SW |
|
Terminate* |
Terminate |
TR |
|
Unassign |
Unassign |
UA |
|
Unlink |
Unlink |
UN |
|
Unlock |
Unlock |
UL |
|
updateAuthenticationAnswers* |
Update Authentication Answers |
AQ |
|
usernameRecovery* |
Username Recovery |
UR |
|
View |
View |
VW |
|
View Only |
View Only |
VO |
Table B–7 Action Status Database Keys
|
Result |
DbKey |
|---|---|
|
Success |
S |
|
Failure |
F |
Table B–8 Reasons Stored as Keys
|
Reason Name |
English Text |
DbKey |
|---|---|---|
|
PolicyViolation |
Violation of policy {0}: {1} |
PV |
|
InvalidCredentials |
Invalid Credentials |
CR |
|
InsufficientPrivileges |
Insufficient Privileges |
IP |
|
DatabaseAccessFailed |
Database Access Failed |
DA |
|
AccountDisabled |
Account Disabled |
DI |
- © 2010, Oracle Corporation and/or its affiliates