附录 B
审计日志数据库模式
此附录提供了有关支持的数据库类型的审计数据模式值和审计日志数据库映射的信息。
Oracle
表 B-1 列出了 Oracle 数据库类型的数据模式值:
表 B-1 Oracle 数据库类型的数据模式值 (第 1 页,共 2 页)
数据库列
|
值
|
ID
|
VARCHAR(50) NOT NULL
|
name
|
VARCHAR(128) NOT NULL
|
repomod
|
TIMESTAMP
|
resourceName
|
VARCHAR(128)
|
accountName
|
VARCHAR(50)
|
objectType
|
CHAR(2)
|
objectName
|
VARCHAR(128)
|
action
|
CHAR(2)
|
actionDateTime
|
CHAR(21)
|
actionStatus
|
CHAR(1)
|
interface
|
VARCHAR(50)
|
server
|
VARCHAR(128)
|
subject
|
VARCHAR(128)
|
reason
|
CHAR(2)
|
message
|
VARCHAR(255) 或 CLOB(请参见表结尾处的注释1。)
|
acctAttrChanges
|
VARCHAR(4000) 或 CLOB
|
acctAttr01label
|
VARCHAR(50)
|
acctAttr01value
|
VARCHAR(128)
|
acctAttr02label
|
VARCHAR(50)
|
acctAttr02value
|
VARCHAR(128)
|
acctAttr03label
|
VARCHAR(50)
|
acctAttr03value
|
VARCHAR(128)
|
acctAttr04label
|
VARCHAR(50)
|
acctAttr04value
|
VARCHAR(128)
|
acctAttr05label
|
VARCHAR(50)
|
acctAttr05value
|
VARCHAR(128)
|
parm01label
|
VARCHAR(50)
|
parm01value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm02label
|
VARCHAR(50)
|
parm02value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm03label
|
VARCHAR(50)
|
parm03value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm04label
|
VARCHAR(50)
|
parm04value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm05label
|
VARCHAR(50)
|
parm05value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
sequence
|
CHAR(19)
|
xmlSize
|
NUMBER(19,0)
|
xml
|
BLOB
|
DB2
表 B-2 列出了 DB2 数据库类型的数据模式值:
表 B-2 DB2 数据库类型的数据模式值 (第 1 页,共 2 页)
数据库列
|
值
|
ID
|
VARCHAR(50) NOT NULL
|
name
|
VARCHAR(128) NOT NULL
|
repomod
|
TIMESTAMP
|
resourceName
|
VARCHAR(128)
|
accountName
|
VARCHAR(50)
|
objectType
|
CHAR(2)
|
objectName
|
VARCHAR(128)
|
action
|
CHAR(2)
|
actionDateTime
|
CHAR(21)
|
actionStatus
|
CHAR(1)
|
interface
|
VARCHAR(50)
|
server
|
VARCHAR(128)
|
subject
|
VARCHAR(128)
|
reason
|
CHAR(2)
|
message
|
VARCHAR(255) 或 CLOB(请参见表结尾处的注释1。)
|
acctAttrChanges
|
CLOB(16M)
|
acctAttr01label
|
VARCHAR(50)
|
acctAttr01value
|
VARCHAR(128)
|
acctAttr02label
|
VARCHAR(50)
|
acctAttr02value
|
VARCHAR(128)
|
acctAttr03label
|
VARCHAR(50)
|
acctAttr03value
|
VARCHAR(128)
|
acctAttr04label
|
VARCHAR(50)
|
acctAttr04value
|
VARCHAR(128)
|
acctAttr05label
|
VARCHAR(50)
|
acctAttr05value
|
VARCHAR(128)
|
parm01label
|
VARCHAR(50)
|
parm01value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm02label
|
VARCHAR(50)
|
parm02value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm03label
|
VARCHAR(50)
|
parm03value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm04label
|
VARCHAR(50)
|
parm04value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm05label
|
VARCHAR(50)
|
parm05value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
sequence
|
CHAR(19)
|
xmlSize
|
DECIMAL(19,0)
|
xml
|
CLOB(16M)
|
MySQL
表 B-3 列出了 MySQL 数据库类型的数据模式值:
表 B-3 MySQL 数据库类型的数据模式值 (第 1 页,共 2 页)
数据库列
|
值
|
ID
|
VARCHAR(50) BINARY NOT NULL
|
name
|
VARCHAR(128) BINARY NOT NULL
|
repomod
|
TIMESTAMP
|
resourceName
|
VARCHAR(128)
|
accountName
|
VARCHAR(255)
|
objectType
|
CHAR(2)
|
objectName
|
VARCHAR(128)
|
action
|
CHAR(2)
|
actionDateTime
|
CHAR(21)
|
actionStatus
|
CHAR(1)
|
interface
|
VARCHAR(50)
|
server
|
VARCHAR(128)
|
subject
|
VARCHAR(128)
|
reason
|
CHAR(2)
|
message
|
VARCHAR(255) 或 CLOB(请参见表结尾处的注释1。)
|
acctAttrChanges
|
TEXT
|
acctAttr01label
|
VARCHAR(50)
|
acctAttr01value
|
VARCHAR(128)
|
acctAttr02label
|
VARCHAR(50)
|
acctAttr02value
|
VARCHAR(128)
|
acctAttr03label
|
VARCHAR(50)
|
acctAttr03value
|
VARCHAR(128)
|
acctAttr04label
|
VARCHAR(50)
|
acctAttr04value
|
VARCHAR(128)
|
acctAttr05label
|
VARCHAR(50)
|
acctAttr05value
|
VARCHAR(128)
|
parm01label
|
VARCHAR(50)
|
parm01value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm02label
|
VARCHAR(50)
|
parm02value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm03label
|
VARCHAR(50)
|
parm03value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm04label
|
VARCHAR(50)
|
parm04value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm05label
|
VARCHAR(50)
|
parm05value
|
VARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
sequence
|
CHAR(19)
|
xmlSize
|
BIGINT
|
xml
|
MEDIUMTEXT
|
SQL Server
表 B-4 列出了 SQL Server 数据库类型的数据模式值:
表 B-4 SQL Server 数据库类型的数据模式值 (第 1 页,共 2 页)
数据库列
|
值
|
ID
|
NVARCHAR(50) NOT NULL
|
name
|
NVARCHAR(128) NOT NULL
|
repomod
|
DATETIME NOT NULL CURRENT_TIMESTAMP
|
resourceName
|
NVARCHAR(128)
|
accountName
|
NVARCHAR(255)
|
objectType
|
NCHAR(2)
|
objectName
|
NVARCHAR(128)
|
action
|
NCHAR(2)
|
actionDateTime
|
NCHAR(21)
|
actionStatus
|
NCHAR(1)
|
interface
|
NVARCHAR(50)
|
server
|
NVARCHAR(128)
|
subject
|
NVARCHAR(128)
|
reason
|
NCHAR(2)
|
message
|
NVARCHAR(255) 或 CLOB(请参见表结尾处的注释1。)
|
acctAttrChanges
|
NTEXT
|
acctAttr01label
|
NVARCHAR(50)
|
acctAttr01value
|
NVARCHAR(128)
|
acctAttr02label
|
NVARCHAR(50)
|
acctAttr02value
|
NVARCHAR(128)
|
acctAttr03label
|
NVARCHAR(50)
|
acctAttr03value
|
NVARCHAR(128)
|
acctAttr04label
|
NVARCHAR(50)
|
acctAttr04value
|
NVARCHAR(128)
|
acctAttr05label
|
NVARCHAR(50)
|
acctAttr05value
|
NVARCHAR(128)
|
parm01label
|
NVARCHAR(50)
|
parm01value
|
NVARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm02label
|
NVARCHAR(50)
|
parm02value
|
NVARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm03label
|
NVARCHAR(50)
|
parm03value
|
NVARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm04label
|
NVARCHAR(50)
|
parm04value
|
NVARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
parm05label
|
NVARCHAR(50)
|
parm05value
|
NVARCHAR(128) 或 CLOB(请参见表结尾处的注释1。)
|
sequence
|
NTEXT
|
xmlSize
|
NUMERIC(19,0)
|
xml
|
NTEXT
|
审计日志数据库映射
表 B-5 包含存储的审计日志数据库键和显示字符串之间的映射,这些字符串即键在审计报告输出中的映射结果。Identity Manager 将作为常量使用的项目存储为简短的数据库键,以节省系统信息库中的空间。产品界面不显示这些映射。相反,只有在检查审计报告结果的转储输出时可以看到它们。
表 B-6 包含可审计的操作数据库键;表 B-7 包含操作状态键;表 B-8 包含以键的形式存储在数据库中的原因代码。
表 B-5 对象键类型数据库键
类型名称
|
英语文本
|
数据库键
|
AccessReview
|
AccessReview
|
AV
|
AccessReviewWorkflow*
|
Access Review Workflow
|
AW
|
AccessScan
|
AccessScan
|
AS
|
Account
|
Account
|
AN
|
AdminGroup
|
Capability
|
AG
|
Administrator
|
Administrator
|
AD
|
AdminRole
|
Admin Role
|
AR
|
Application
|
Resource Group
|
AP
|
AttributeDefinition
|
AttributeDefinition
|
AF
|
AttrParse
|
AttrParse
|
AT
|
AuditConfig
|
AuditConfig
|
AC
|
AuditPolicy
|
AuditPolicy
|
CP
|
BeanPod
|
Bean Pod
|
BP
|
ComplianceViolation
|
ComplianceViolation
|
CV
|
Configuration
|
Configuration
|
CN
|
DataExporter
|
Data Exporter
|
DE
|
Discovery
|
Discovery
|
DS
|
Email*
|
Email
|
EM
|
EmailTemplate
|
EmailTemplate
|
ET
|
EncryptionKey
|
EncryptionKey
|
KY
|
Event
|
Event
|
EV
|
Extract
|
Extract
|
ER
|
ExtractTask
|
ExtractTask
|
EX
|
IDMXUser*
|
Directory User
|
UX
|
LighthouseAccount*
|
Identity System Account
|
LA
|
LoadConfig
|
LoadConfig
|
LD
|
LoadTask
|
LoadTask
|
LT
|
Log
|
Log
|
LG
|
LoginApp
|
LoginApp
|
LP
|
LoginConfig
|
LoginConfig
|
LC
|
LoginModGroup
|
LoginModGroup
|
LF
|
MetaView
|
Meta View
|
MV
|
ObjectGroup
|
Organization
|
OG
|
Policy
|
Policy
|
PO
|
ProvisioningTask
|
ProvisioningTask
|
PT
|
RemediationWorkflow*
|
Remediation Workflow
|
RW
|
RemedyConfig
|
RemedyConfig
|
RC
|
Resource
|
Resource
|
RS
|
ResourceAccount*
|
Resource Account
|
RA
|
ResourceAction
|
ResourceAction
|
RN
|
ResourceForm
|
ResourceForm
|
RF
|
ResourceObject
|
ResourceObject
|
RE
|
RiskReportTask
|
RiskReportTask
|
RR
|
Role
|
Role
|
RL
|
Rule
|
Rule
|
RU
|
SnapShot
|
SnapShot
|
SS
|
SysLog
|
SysLog
|
SL
|
System
|
System
|
SY
|
TaskDefinition
|
TaskDefinition
|
TD
|
TaskInstance
|
TaskInstance
|
TI
|
TaskResult
|
TaskResult
|
TR
|
TaskResultPage
|
ResultPage
|
TP
|
TaskSchedule
|
TaskSchedule
|
TS
|
TaskTemplate
|
TaskTemplate
|
TT
|
TestNotification*
|
Test Notification
|
TN
|
User
|
User
|
US
|
UserEntitlement
|
UserEntitlement
|
UE
|
UserForm
|
UserForm
|
UF
|
WorkflowCase*
|
Workflow Case
|
WC
|
WorkItem
|
WorkItem
|
WI
|
XmlData
|
XmlData
|
XD
|
表 B-6 操作数据库键
操作名称
|
英语文本
|
数据库键
|
Allowed*
|
Allowed
|
AL
|
Approve
|
Approve
|
AP
|
Assign Audit Policies
|
Assign Audit Policies
|
AA
|
Assign Capabilities
|
Assign Capabilities
|
AC
|
AttestorApproved*
|
Attestor Approved
|
TA
|
AttestorRejected*
|
Attestor Rejected
|
AR
|
AttestorRemediate*
|
Remediation Requested
|
AF
|
AttestorRescan*
|
Rescan Requested
|
AN
|
Bulk Change Password
|
Bulk Change Password
|
BW
|
Bulk Create
|
Bulk Create
|
BC
|
Bulk Delete
|
Bulk Delete
|
BD
|
Bulk Deprovision
|
Bulk Deprovision
|
BP
|
Bulk Disable
|
Bulk Disable
|
BF
|
Bulk Enable
|
Bulk Enable
|
BE
|
Bulk Modify
|
Bulk Modify
|
BM
|
Bulk Reset Password
|
Bulk Reset Password
|
BR
|
Bulk Unassign
|
Bulk Unassign
|
BU
|
Bulk Unlink
|
Bulk Unlink
|
BL
|
Bypass Verify
|
Bypass Verify
|
BV
|
CancelReconcile*
|
Cancel Reconcile
|
CR
|
challengeResponse*
|
Challenge Response
|
CD
|
Change Password
|
Change Password
|
CP
|
Connect
|
Connect
|
CN
|
Control Active Sync
|
Control Active Sync
|
CA
|
Create
|
Create
|
CT
|
CredentialsExpired*
|
Credentials Expired
|
CE
|
Debug
|
Debug
|
DB
|
Delegate
|
Delegate
|
DG
|
Delete
|
Delete
|
DL
|
Deprovision
|
Deprovision
|
DP
|
Disable
|
Disable
|
DS
|
Disconnect
|
Disconnect
|
DC
|
Enable
|
Enable
|
EN
|
End Activity
|
End Activity
|
EA
|
End Process
|
End Process
|
PE
|
End Workflow
|
End Workflow
|
EW
|
Execute
|
Execute
|
LN
|
Expired*
|
Expired
|
EX
|
Export
|
Export
|
EP
|
Fixed*
|
Fixed
|
FX
|
Import
|
Import
|
IM
|
List
|
List
|
LI
|
Lock
|
Lock
|
LK
|
Login
|
Login
|
LG
|
Logout*
|
Logout
|
LO
|
Mitigated*
|
Mitigated
|
VM
|
Modify
|
Modify
|
MO
|
Modify Active Sync
|
Modify Active Sync
|
MA
|
NativeChange*
|
Native Change
|
NC
|
Notify*
|
Notify
|
NO
|
PostOperation*
|
Post-Operation Callout
|
PT
|
PreOperation*
|
Pre-Operation Callout
|
PP
|
Prioritize*
|
Prioritize
|
PR
|
Provision
|
Provision
|
PV
|
Recurring*
|
Recurring
|
RC
|
Reject
|
Reject
|
RJ
|
Remediated*
|
Remediated
|
VR
|
Rename
|
Rename
|
RE
|
RequestReconcile*
|
Request Reconcile
|
RR
|
ResetPassword
|
ResetPassword
|
RP
|
Run Debugger
|
Run Debugger
|
RD
|
ScanBegin*
|
Scan Begin
|
SB
|
ScanEnd*
|
Scan End
|
SE
|
StartActivity*
|
Start Activity
|
SA
|
StartProcess*
|
Start Process
|
SP
|
StartWorkflow*
|
Start Workflow
|
SW
|
Terminate*
|
Terminate
|
TR
|
Unassign
|
Unassign
|
UA
|
Unlink
|
Unlink
|
UN
|
Unlock
|
Unlock
|
UL
|
updateAuthenticationAnswers*
|
Update Authentication Answers
|
AQ
|
usernameRecovery*
|
Username Recovery
|
UR
|
View
|
View
|
VW
|
View Only
|
View Only
|
VO
|
表 B-7 操作状态数据库键
结果
|
数据库键
|
Success
|
S
|
Failure
|
F
|
表 B-8 以键的形式存储的原因
原因名称
|
英语文本
|
数据库键
|
PolicyViolation
|
Violation of policy {0}: {1}
|
PV
|
InvalidCredentials
|
Invalid Credentials
|
CR
|
InsufficientPrivileges
|
Insufficient Privileges
|
IP
|
DatabaseAccessFailed
|
Database Access Failed
|
DA
|
AccountDisabled
|
Account Disabled
|
DI
|