2 Replies Latest reply on Jan 17, 2020 10:39 AM by Michal Chmel

    Question about retrieving data on Role usage

    Tim Rotman
      Share This:

      Using TSSAC 8.9.03, we would like to find some statistics on Role usage.

       

       

      How can we find the following information via our BSA database or logs, (which logs)?

       

      1.  When was the role last used? (Role, Date aligned to role usage, maybe in table form)

      2.  How often is it used – how often are users logging in using the role? (frequency of role use, or of login with role)

       

      Our goal is to eliminate unused roles, if possible, as we have 442 Roles.

       

      I should mention that we do not have the Reporting module.

       

      Any suggestions will be appreciated.

       

      Thanks!

        • 1. Re: Question about retrieving data on Role usage
          Bill Robinson

          I don't believe we log this in the database.  we log the date a user last logged on, but not what role they were in.

          in the appserver log you will see:

          [16 Jan 2020 03:00:05,479] [Client-Connections-Thread-7] [INFO] [BLAdmin:BLAdmins:192.168.8.76] [Client] User 'BLAdmin' assumed the role 'BLAdmins'

          when a user logs in. 

          but you'd probably also want to watch for jobs being run as the role:

          [16 Jan 2020 00:05:01,706] [Job-Execution-0] [INFO] [BLAdmin:BLAdmins:] [NSHScript] __JobRun-2000034,1-2031403__ Started running the job 'Dashboard Report Job' with priority 'NORMAL' on application server 'blapp894.example.com'(2,000,000)

          in case there is some kind of 'service account' type of thing setup

          • 2. Re: Question about retrieving data on Role usage
            Michal Chmel

            Hello Tim,

             

            I would explore AUDIT_TRAIL table in the databse. It provides a very nice overview of the overall role usage based on the operations done on objects in BSA. Basically what you see in the console under "audit" on objects.

            You will be able to get user_name, role, object accessed and policy granted and the exact date.

             

            Give it a shot,

            Michal