• State Suggested Answer
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 10 subscribers
  • Views 8540 views
  • Users 0 members are here
Related Discussions
Home » Discussions » Administration

Can someone confirm the best way to find out who removed a member from a team, d

Keith
Can someone confirm the best way to find out who removed a member from a team, department or custom? We look at the log file and do not see a record of this activity. One the other side of this, is there any recording of when someone is added to a team? ...

OriginalPostID-100503

OriginalPostID-100503

  Discussion posts and replies are publicly visible

  • 0
    Appian Employee
    This information is not logged by default nor logged precisely the way you describe your requirement, however if you are using Appian 6.7.1 and above you can increase the Authorization Audit Logging to DEBUG to know what action is performing each user and whether it has been authorized or not by updating this line in /ear/suite.ear/resources/appian_log4j.properties

    log4j.logger.com.appian.authz-audit=DEBUG, AUTHZ_AUDIT

    when set to DEBUG this will log everything in the <APPIAN_HOME>/logs/authz-audit.csv so this log will be big.

    This is how the log will show that somebody removed a user (notice how you only know that the user did it but you don't know from what group nor who he removed)

    13:30.5          eduardo.fuentes          k-service-personalization          com.appiancorp.suiteapi.personalization.GroupService.removeMemberUsers          ALLOWED                    allowedBasedOnTheseRoles=[designer]
  • 0
    Appian Employee
    The relevant word in the log is "removeMemberUsers".
  • 0
    Appian Employee
    An enhancement request to log this in more detail has been raised under the reference number AN-33609.

    -Eduardo Fuentes
    Appian Technical Support
  • 0
    Appian Employee
    An alternative or complement to the Audit Logging suggestion would be:

    0. Stop the environment completely
    1. Create a copy of /server/_conf/logging/log.properties in the same location and name it log_db_PE.properties
    2. Edit your log_db_PE.properties and update line 45 to set this logger to DEBUG

    configure.a.pf.te=DEBUG, PERFORMANCE

    3. Add this to line to any location (e.g. line 20) to your ear|runtime_ear/suite.ear/resources/appian_log4j.properties

    log4j.logger.com.appiancorp.ag.GroupServiceJavaImpl=INFO

    4. Start the environment

    Here's how this will let you do an audit. Let me explain with an example:

    1. eduardo.admin adds two users (via People tab or Process, doesn't matter) called eduardo.ldap and UPPERCASE to a group

    The db_PE*.log will show

    2014-02-28 00:07:38 [PE1] {ag29.kdb 12} (Default) INFO .a.pf.te "eduardo.admin" "2.000027" "addMemberUsers"

    and the application-server.log will show:

    2014-02-28 00:07:37,101 [default-threads - 11] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed eduardo.ldap from the group membership cache
    2014-02-28 00:07:37,111 [default-threads - 11] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed UPPERCASE from the group membership cache


    Notice how we can correlate these entries to know who added a user to a group but we can't determine to what group. Also notice that the phrase"removed" from the group membership cache" doesn't mean a group removal, it just means a change in the group membership for this user, it can be an addition or removal so we definitely need to correlate with the corresponding entry in db_PE to know whether it was a removal or addition

    2. eduardo.admin removes two users (via People tab or Process, doesn't matter) called eduardo.ldap and UPPERCASE from a group

    The db_PE*.log will show

    2014-02-28 00:07:37 [PE1] {ag29.kdb 11} (Default) INFO .a.pf.te "eduardo.admin" "0.9999349" "removeMemberUsers"

    and the application-server.log will show:

    2014-02-28 00:07:36,288 [default-threads - 13] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed eduardo.ldap from the group membership cache
    2014-02-28 00:07:36,292 [default-threads - 13] INFO com.appiancorp.ag.GroupServiceJavaImpl - Removed UPPERCASE from the group membership cache

    Notice how we can correlate these entries to know who removed a user from a group but we can't determine from what group. Also notice that the phrase"removed" from the group membership cache" doesn't mean a group removal, it just means a change in the group membership for this user, it can be an addition or removal so we definitely need to correlate with the corresponding entry in db_PE to know whether it was a removal or addition
  • 0
    Appian has very detailed logging for processes. Have they considered logging to SQL when someone is added and removed from teams? The log would be large for adding - so maybe we could select what to log. Sometimes knowing if a document is removed or added is important and who did it. Changing calendar settings... Various system things like this should be able to be logged and then viewed easier than the current log file. System History is a nice choice.
  • 0 in reply to Eduardo Fuentes
    Hello Eduardo, this a very old post. I was wondering if there is a better way to accomplish this today?
© 2024 Appian. All rights reserved.
We want to hear from you! Submit a review on Gartner or G2.