appian_log4j.properties: log4j.logger.com.appian.authz-audit = DEBUG

I am in need to track if a user gets added or removed from a group from designer. I see one post related to this: https://forum.appian.com/suite/tempo/news/entry/e-100503 but it doesn't fulfill my needs 100 %.

I kept looking into the Appian documentation and found there is a log file called authz-audit.log. If set to DEBUG, however, when our Identity Management team adds/removes users using our Manage User application, the foot print of this log files increases dramatically. I tested in DEV by adding a user from a group and I got the two lines below:

2018-08-01 17:38:19.999,ep20215,hybrid-service,com.appiancorp.suiteapi.personalization.GroupService.addMemberUsers,ALLOWED,,"allowedBasedOnTheseRoles=[quick-app-creator, designer]"
2018-08-01 17:38:20.0,ep20215,k-service-personalization,com.appiancorp.suiteapi.personalization.GroupService.addMemberUsers,ALLOWED,,"allowedBasedOnTheseRoles=[quick-app-creator, designer]"

 

This satisfies my needs (in a perfect world, I would also like to know what user got added/removed and the group). However, is there any way to modify the write to the log file so that it only writes when a user gets added/removed from the designer interface and not from an Appian application?

  Discussion posts and replies are publicly visible

Parents
  • 0
    Certified Lead Developer
    I don't think so, since the underlying Java class should be the same for both entry points. The only thing I can think of is I think you'll see a servlet call in /designer that wraps this package. If you can find that class, perhaps a logger with DEBUG level on that package will give you the context you want. You might also be able to track the calls from a network perspective if the username is a query parameter to the servlet, which I believe might be the case.

    I don't currently have access to an older environment with /designer available so unfortunately I can't much more specific.
  • Hi Justin, I am upgrading to 18.2 in about 2 months so if you have a solution for me that is related to the /design tab, then please give it to me. I would imagine I will have the same challenge in /design? Or is there any difference there?
  • 0
    Certified Lead Developer
    in reply to erickp
    The /designer ideas won't work with 18.2.

    Besides adjusting log4j, the only other option I can think of is potentially updating your processes to write to a DB when an add/remove operation is done. You'd have to look at multiple sources to confirm changes but if this is just for auditing purposes then I wouldn't expect that to be a problem.

    It might be worth asking Appian Support if they have a way to handle this more easily; I'm just not aware of anything easier, and nothing else is documented that I can find.
Reply
  • 0
    Certified Lead Developer
    in reply to erickp
    The /designer ideas won't work with 18.2.

    Besides adjusting log4j, the only other option I can think of is potentially updating your processes to write to a DB when an add/remove operation is done. You'd have to look at multiple sources to confirm changes but if this is just for auditing purposes then I wouldn't expect that to be a problem.

    It might be worth asking Appian Support if they have a way to handle this more easily; I'm just not aware of anything easier, and nothing else is documented that I can find.
Children
No Data