Can someone confirm the best way to find out who removed a member from a team, d

Can someone confirm the best way to find out who removed a member from a team, department or custom? We look at the log file and do not see a record of this activity. On the other side of this, is there any recording of when someone is added to a team? ...

OriginalPostID-100503


  • This information is not logged by default, nor logged precisely the way you describe your requirement. However, if you are using Appian 6.7.1 and above, you can increase the Authorization Audit Logging to DEBUG to know what action each user is performing and whether it has been authorized or not, by updating this line in /ear/suite.ear/resources/appian_log4j.properties:

    log4j.logger.com.appian.authz-audit=DEBUG, AUTHZ_AUDIT

    When set to DEBUG, this will log everything in the <APPIAN_HOME>/logs/authz-audit.csv, so this log will be big.

    This is how the log will show that somebody removed a user (notice how you only know that the user did it, but you don't know from what group nor who he removed):

    13:30.5          eduardo.fuentes          k-service-personalization          com.appiancorp.suiteapi.personalization.GroupService.removeMemberUsers          ALLOWED                    allowedBasedOnTheseRoles=[designer]
  • The relevant word in the log is "removeMemberUsers".
  • An enhancement request to log this in more detail has been raised under the reference number AN-33609.

    -Eduardo Fuentes
    Appian Technical Support
  • An alternative or complement to the Audit Logging suggestion would be:

    0. Stop the environment completely
    1. Create a copy of /server/_conf/logging/log.properties in the same location and name it log_db_PE.properties
    2. Edit your log_db_PE.properties and update line 45 to set this logger to DEBUG

    configure.a.pf.te=DEBUG, PERFORMANCE

    3. Add this line at any location (e.g. line 20) in your ear|runtime_ear/suite.ear/resources/appian_log4j.properties

    log4j.logger.com.appiancorp.ag.GroupServiceJavaImpl=INFO

    4. Start the environment

    Here's how this will let you do an audit. Let me explain with an example:

    1. eduardo.admin adds two users (via People tab or Process, doesn't matter) called eduardo.ldap and UPPERCASE to a group

    The db_PE*.log will show

    2014-02-28 00:07:38 [PE1] {ag29.kdb 12} (Default) INFO .a.pf.te "eduardo.admin" "2.000027" "addMemberUsers"

    and the application-server.log will show:

    2014-02-28 00:07:37,101 [default-threads - 11] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed eduardo.ldap from the group membership cache
    2014-02-28 00:07:37,111 [default-threads - 11] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed UPPERCASE from the group membership cache


    Notice how we can correlate these entries to know who added a user to a group, but we can't determine to what group. Also notice that the phrase "removed from the group membership cache" doesn't mean a group removal; it just means a change in the group membership for this user. It can be an addition or a removal, so we definitely need to correlate with the corresponding entry in db_PE to know whether it was a removal or an addition.

    2. eduardo.admin removes two users (via People tab or Process, doesn't matter) called eduardo.ldap and UPPERCASE from a group

    The db_PE*.log will show

    2014-02-28 00:07:37 [PE1] {ag29.kdb 11} (Default) INFO .a.pf.te "eduardo.admin" "0.9999349" "removeMemberUsers"

    and the application-server.log will show:

    2014-02-28 00:07:36,288 [default-threads - 13] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed eduardo.ldap from the group membership cache
    2014-02-28 00:07:36,292 [default-threads - 13] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed UPPERCASE from the group membership cache

    Notice how we can correlate these entries to know who removed a user from a group, but we can't determine from what group. Also notice that the phrase "removed from the group membership cache" doesn't mean a group removal; it just means a change in the group membership for this user. It can be an addition or a removal, so we definitely need to correlate with the corresponding entry in db_PE to know whether it was a removal or an addition.
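
The correlation described in the reply above, written out in Python as an added example (not part of the original post and not Appian code). The regexes assume the two line formats shown in the samples; the matching window and the assumption that the db_PE entry is written after the cache lines are this example's own.

```python
import re
from datetime import datetime, timedelta

# Line shapes follow the two samples in the post above.
DB_PE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[\w+\] \{[^}]*\} \(\w+\) INFO \.a\.pf\.te '
    r'"([^"]+)" "[^"]*" "(addMemberUsers|removeMemberUsers)"')
CACHE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{3}) \[[^\]]+\] INFO com\.appiancorp\.ag\.'
    r'GroupServiceJavaImpl - Removed (\S+) from the group membership cache')
FMT = "%Y-%m-%d %H:%M:%S"

def parse_db_pe(lines):
    """(timestamp, actor, action) for each add/removeMemberUsers call in db_PE*.log."""
    hits = (DB_PE.match(l.strip()) for l in lines)
    return [(datetime.strptime(m[1], FMT), m[2], m[3]) for m in hits if m]

def parse_cache(lines):
    """(timestamp, affected user) for each cache line in application-server.log."""
    hits = (CACHE.match(l.strip()) for l in lines)
    return [(datetime.strptime(m[1], FMT) + timedelta(milliseconds=int(m[2])), m[3])
            for m in hits if m]

def correlate(db_lines, app_lines, window=1.0):
    """Pair each cache line with db_PE calls stamped in the same second or up to `window`
    seconds later (assumed ordering, as in both samples); != 1 candidate is ambiguous."""
    actions = parse_db_pe(db_lines)
    report = []
    for ts, user in parse_cache(app_lines):
        lo, hi = ts.replace(microsecond=0), ts + timedelta(seconds=window)
        cands = sorted({(actor, act) for t, actor, act in actions if lo <= t <= hi})
        report.append({"user": user, "time": ts.isoformat(sep=" ", timespec="milliseconds"),
                       "candidates": cands, "ambiguous": len(cands) != 1})
    return report

# Sample lines copied from the post; reading them as one run is this example's choice.
DB_SAMPLE = [
    '2014-02-28 00:07:37 [PE1] {ag29.kdb 11} (Default) INFO .a.pf.te "eduardo.admin" "0.9999349" "removeMemberUsers"',
    '2014-02-28 00:07:38 [PE1] {ag29.kdb 12} (Default) INFO .a.pf.te "eduardo.admin" "2.000027" "addMemberUsers"',
]
APP_SAMPLE = [
    "2014-02-28 00:07:36,288 [default-threads - 13] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed eduardo.ldap from the group membership cache",
    "2014-02-28 00:07:36,292 [default-threads - 13] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed UPPERCASE from the group membership cache",
    "2014-02-28 00:07:37,101 [default-threads - 11] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed eduardo.ldap from the group membership cache",
    "2014-02-28 00:07:37,111 [default-threads - 11] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed UPPERCASE from the group membership cache",
]

if __name__ == "__main__":
    for row in correlate(DB_SAMPLE, APP_SAMPLE):
        print(row)
```

With the thread's own lines, the two cache entries at 00:07:36 resolve to removeMemberUsers, while the two at 00:07:37 fall within range of both calls and are flagged. Back-to-back operations therefore cannot be told apart by timestamp alone.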
  • Appian has very detailed logging for processes. Have they considered logging to SQL when someone is added and removed from teams? The log would be large for adding - so maybe we could select what to log. Sometimes knowing if a document is removed or added is important and who did it. Changing calendar settings... Various system things like this should be able to be logged and then viewed easier than the current log file. System History is a nice choice.
  • Hello Eduardo, this is a very old post. I was wondering if there is a better way to accomplish this today?