5.9 Role Management Events

Role management events may also be classified in terms of data items, but because role management is key to systems that manage identity, these events were given their own category within the XDASv2 taxonomy.

Table 5-9 Role Management Event Taxonomy

| Event Name | Event Identifier | Corresponding eDir Event | Description | Use |
| --- | --- | --- | --- | --- |
| Create Role | 0.0.8.0 | DSE_CREATE_ENTRY, DSE_LDAP_ADD, DSE_LDAP_ADDRESPONSE, DSE_NAME_COLLISION, DSE_ADD_ENTRY | Create a new role | A new role is created, or an attempt is made to create a new role. |
| Delete Role | 0.0.8.1 | DSE_DELETE_ENTRY, DSE_DELETE_VALUE, DSE_LDAP_DELETE, DSE_LDAP_DELETERESPONSE, DSE_MOVE_SOURCE_ENTRY, DSE_REMOVE_ENTRY | Delete an existing role | An existing role is deleted, or an attempt is made to delete an existing role. |
| Modify Role | 0.0.8.5 | DSE_ADD_VALUE, DSE_DELETE_ATTRIBUTE, DSE_DELETE_VALUE, DSE_LDAP_MODIFY, DSE_LDAP_MODIFYRESPONSE, DSE_MERGE_ENTRIES, DSE_MODIFY_ENTRY, DSE_MODIFY_RDN, DSE_RENAME_ENTRY | Modify a role attribute | Role attributes are modified, or an attempt is made to modify role attributes. |
| Query Role | 0.0.8.4 | DSE_LDAP_SEARCH, DSE_LDAP_COMPARE | Query role attributes | Role attributes are queried, or an attempt is made to query role attributes. |

5.9.1 Examples for Role Management Events

The following sections include examples for role management events.

Create Role

Click Create Role to generate an event when a new role is created or an attempt is made to create a new role, as shown in the following example:

Jan 08 10:18:34 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "164.99.136.142:40645"}},"Target" : {"Data" : {"Name" : "dc=LDAPValidate"}},"Action" : {"Event" : {"Id" : "0.0.8.0","Name" : "CREATE_ROLE","CorrelationID" : "eDirectory#41#4477577d-b132-4d62-9e89-7d57774432b1","SubEvent" : "DSE_ADD_ENTRY"},"Time" : {"Offset" : 1389847714},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}

Delete Role

Click Delete Role to generate an event when an existing role is deleted or an attempt is made to delete an existing role, as shown in the following example:

Jan 08 10:18:35 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "164.99.136.142:40645"}},"Target" : {"Data" : {"ClassName" : "User","Name" : "CN=NewTest User1,dc=LDAPValidate","newRDN" : "á°¸à¶\u0092"}},"Action" : {"Event" : {"Id" : "0.0.8.1","Name" : "DELETE_ROLE","CorrelationID" : "eDirectory#41#7ba31085-4e90-47fd-0aa6-8510a37b904e","SubEvent" : "DSE_MOVE_SOURCE_ENTRY"},"Time" : {"Offset" : 1389847715},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}} 

Modify Role

Click Modify Role to generate an event when role attributes are modified or an attempt is made to modify role attributes, as shown in the following example:

Jan 08 10:20:23 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=SLES11-SP2-164,O=mycom","Id" : "32833"},"Entity" : {"SysAddr" : "100.1.2.164:39570"}},"Target" : {"Data" : {"Attribute Name" : "Convergence","ClassName" : "domain","Name" : "dc=Events","Syntax" : "8"}},"Action" : {"Event" : {"Id" : "0.0.8.5","Name" : "MODIFY_ROLE","CorrelationID" : "eDirectory#21#e01904e8-b3b2-4012-3c98-e80419e0b2b3","SubEvent" : "DSE_DELETE_ATTRIBUTE"},"Time" : {"Offset" : 1389847823},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}

Query Role

Click Query Role to generate an event when role attributes are queried or an attempt is made to query role attributes, as shown in the following example:

Jan 08 10:19:35 eDirectory : INFO {"Source" : "eDirectory#LDAP","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "cn=admin,o=mycom"},"Entity" : {"SysAddr" : "164.99.136.142:42181"},"Assertions" : {"msgID" : "14","netAddress" : "164.99.136.142:50596","operationTime" : "01/16/14 10:19:34"}},"Target" : {"Data" : {"Data" : ", search filter: (objectclass=inetOrgPerson)","DataLen" : "44","Name" : "cn=Test User1,dc=LDAPValidate","connection" : "231405696","searchScope" : "base"}},"Action" : {"Event" : {"Id" : "0.0.8.4","Name" : "QUERY_ROLE","CorrelationID" : "eDirectory#4294967295#","SubEvent" : "DSE_LDAP_SEARCH"},"Time" : {"Offset" : 1389847775},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
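
The log format shown in the examples above can be parsed and filtered by the Table 5-9 identifiers. The following is an added example, not part of the original documentation: the function names and the sample lines are constructed, and it assumes that Time.Offset is seconds since the Unix epoch and that DNs compare case-insensitively.

```python
import json
from datetime import datetime, timezone

# Event identifiers and names from Table 5-9 and the sample events.
ROLE_EVENTS = {"0.0.8.0": "CREATE_ROLE", "0.0.8.1": "DELETE_ROLE",
               "0.0.8.5": "MODIFY_ROLE", "0.0.8.4": "QUERY_ROLE"}
CHANGE_IDS = {"0.0.8.0", "0.0.8.1", "0.0.8.5"}  # everything except Query Role

def parse_xdas_line(line):
    """Return a flat dict for a role management event, or None for any other line."""
    start = line.find("{")  # JSON payload follows the syslog prefix
    if start < 0:
        return None
    try:
        rec = json.loads(line[start:])
    except json.JSONDecodeError:
        return None  # truncated or non-JSON line
    action = rec.get("Action", {})
    event = action.get("Event", {})
    if event.get("Id") not in ROLE_EVENTS:
        return None
    initiator = rec.get("Initiator", {})
    offset = action.get("Time", {}).get("Offset")
    return {
        "id": event["Id"],
        "name": ROLE_EVENTS[event["Id"]],
        "sub_event": event.get("SubEvent"),
        # The samples spell the admin DN both as CN=admin,O=mycom and
        # cn=admin,o=mycom; lowercase so both group together (assumption).
        "initiator": initiator.get("Account", {}).get("Name", "").lower(),
        "source_addr": initiator.get("Entity", {}).get("SysAddr"),
        "target": rec.get("Target", {}).get("Data", {}).get("Name"),
        "outcome": action.get("Outcome"),
        # Assumption: Offset is epoch seconds; rendered in UTC.
        "time_utc": (datetime.fromtimestamp(offset, timezone.utc).isoformat()
                     if offset is not None else None),
    }

def role_changes(lines):
    """Keep only create/delete/modify events, the ones that alter roles."""
    parsed = (parse_xdas_line(l) for l in lines)
    return [e for e in parsed if e and e["id"] in CHANGE_IDS]

# Constructed sample lines, modelled on the examples above and trimmed to the fields read here.
SAMPLE = [
    'Jan 08 10:18:34 eDirectory : INFO {"Source" : "eDirectory#DS","Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom"},"Entity" : {"SysAddr" : "164.99.136.142:40645"}},"Target" : {"Data" : {"Name" : "dc=LDAPValidate"}},"Action" : {"Event" : {"Id" : "0.0.8.0","Name" : "CREATE_ROLE","SubEvent" : "DSE_ADD_ENTRY"},"Time" : {"Offset" : 1389847714},"Outcome" : "0"}}',
    'Jan 08 10:19:35 eDirectory : INFO {"Source" : "eDirectory#LDAP","Initiator" : {"Account" : {"Name" : "cn=admin,o=mycom"},"Entity" : {"SysAddr" : "164.99.136.142:42181"}},"Target" : {"Data" : {"Name" : "cn=Test User1,dc=LDAPValidate"}},"Action" : {"Event" : {"Id" : "0.0.8.4","Name" : "QUERY_ROLE","SubEvent" : "DSE_LDAP_SEARCH"},"Time" : {"Offset" : 1389847775},"Outcome" : "0"}}',
    'Jan 08 10:20:23 eDirectory : INFO {"Source" : "eDirectory#DS","Initiator" : {"Account" : {"Name" : "CN=SLES11-SP2-164,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164:39570"}},"Target" : {"Data" : {"Name" : "dc=Events"}},"Action" : {"Event" : {"Id" : "0.0.8.5","Name" : "MODIFY_ROLE","SubEvent" : "DSE_DELETE_ATTRIBUTE"},"Time" : {"Offset" : 1389847823},"Outcome" : "0"}}',
    'Jan 08 10:21:00 eDirectory : INFO line without a JSON payload',
]
```

The record's own Action.Time.Offset is used for the timestamp rather than the syslog prefix, because the JSON payload carries the event time independently of how the line was relayed.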