User Password Changes Audit Report
This report identifies users whose passwords were changed in a specified period. You must have the ASE_USER_PASSWORD_CHANGES_AUDIT_REPORT_PRIV function security privilege to run this report. The predefined IT Security Manager job role has this privilege by default.
To run the User Password Changes Audit Report:
-
Open the Scheduled Processes work area.
-
Click Schedule New Process.
-
Search for and select the User Password Changes Audit Report process.
-
In the Process Details dialog box, set parameters and click Submit.
-
Click OK to close the confirmation message.
User Password Changes Audit Report Parameters
Search Type
Specify whether the report is for all users, a single, named user, or a subset of users identified by a name pattern that you specify.
User Name
Search for and select the user on whom you want to report. This field is enabled only when Search Type is set to Single user.
User Name Pattern
Enter one or more characters that appear in the user names on which you want to report. For example, you could report on all users whose user names begin with the characters SAL by entering SAL%. This field is enabled only when Search Type is set to User name pattern.
Start Date
Select the start date of the period during which password changes occurred. Changes made before this date don't appear in the report.
To Date
Select the end date of the period during which password changes occurred. Changes made after this date don't appear in the report.
Sort By
Specify how the report output is sorted. The report can be organized by either user name or the date when the password was changed.
Viewing the Report Results
The report produces these files:
-
UserPasswordUpdateReport.csv
-
UserPasswordUpdateReport.xml
-
Diagnostics_[process ID].log
For each user whose password changed in the specified period, the report includes:
-
The user name.
-
The first and last names of the user.
-
The user name of the person who changed the password.
-
How the password was changed:
- ADMIN means that the change was made for the user by a line manager or the IT Security manager, for example.
- SELF_SERVICE means that the user made the change by setting preferences or requesting a password reset, for example.
- FORGOT_PASSWORD means that the user clicked the Forgot Password link when signing in.
- REST_API means that the change was made for the user by SCIM REST APIs.
-
The date and time of the change. The format of date and time of the change is "dd/MM/yyyy HH:mm:ss".