ALTER TABLE ma_audit_event ADD custSituation VARCHAR(255);
CREATE INDEX iAuditEventCustSituation
ON ma_audit_event (custSituation);
Dashboard report: Audit events which change administrativeStatus on resource
Please see Dashboard configuration for basic information about configuration variables and Auditing-Custom column for steps how to add custom column.
Example Use-case
Administrator needs display all audit events which contains delta with changes on administrativeStatus of account on resource R1
Configuration
As first, we need add custom column to m_audit_event table, on it use next sql commands:
Example Resource Configuration
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2010-2017 Evolveum
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<resource oid="ef2bc95b-76e0-59e2-86d6-9999cccccccc"
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
<name>Test CSV: username</name>
<description>Simple CSV resource that is using single identifier (username)</description>
<connectorRef type="ConnectorType">
<filter>
<q:equal>
<q:path>c:connectorType</q:path>
<q:value>com.evolveum.polygon.connector.csv.CsvConnector</q:value>
</q:equal>
</filter>
</connectorRef>
<connectorConfiguration xmlns:icfi="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-csv/com.evolveum.polygon.connector.csv.CsvConnector">
<icfc:configurationProperties>
<icfi:filePath>target/midpoint.csv</icfi:filePath>
<icfi:encoding>utf-8</icfi:encoding>
<icfi:fieldDelimiter>,</icfi:fieldDelimiter>
<icfi:multivalueDelimiter>;</icfi:multivalueDelimiter>
<icfi:uniqueAttribute>username</icfi:uniqueAttribute>
<icfi:passwordAttribute>password</icfi:passwordAttribute>
</icfc:configurationProperties>
</connectorConfiguration>
<!-- Schema is empty. Schema should be generated by provisioning on the first use of this resource. -->
<schemaHandling>
<objectType>
<displayName>Default Account</displayName>
<default>true</default>
<objectClass>ri:AccountObjectClass</objectClass>
<attribute>
<ref>ri:username</ref>
<outbound>
<source>
<path>$user/name</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:firstname</ref>
<outbound>
<source>
<path>$user/givenName</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:lastname</ref>
<outbound>
<source>
<path>$user/familyName</path>
</source>
</outbound>
</attribute>
<activation>
<administrativeStatus>
<outbound />
</administrativeStatus>
</activation>
<credentials>
<password>
<outbound />
</password>
</credentials>
</objectType>
</schemaHandling>
<capabilities>
<configured>
<cap:activation>
<cap:status>
<cap:attribute>ri:disabled</cap:attribute>
<cap:enableValue>false</cap:enableValue>
<cap:disableValue>true</cap:disableValue>
</cap:status>
</cap:activation>
</configured>
</capabilities>
</resource>
Example CSV Source File
username | firstname | lastname | disabled | password |
---|---|---|---|---|
user01 |
Firstname |
Lastname |
false |
secret |
user02 |
Test |
Lastname |
false |
secret |
As next adding we’re adding next snippet of configuration to config.xml file in Midpoint home directory.
config.xml configuration snippet
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2010-2024 Evolveum
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<configuration>
<midpoint>
...
<audit>
<auditService>
<auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
</auditService>
<auditService>
<auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
<customColumn>
<columnName>custSituation</columnName>
<eventRecordPropertyName>situation</eventRecordPropertyName>
</customColumn>
</auditService>
</audit>
...
</midpoint>
</configuration>
After modifying config.xml we have to restart Midpoint. As last part of adding custom column adding next configuration to system configuration.
Snippet of system configuration
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2010-2024 Evolveum
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<systemConfiguration>
...
<audit>
<eventRecording>
<property>
<name>situation</name>
<expression>
<script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
<code>
import com.evolveum.midpoint.schema.ObjectDeltaOperation;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
ret = "";
if (target instanceof UserType) {
for (ObjectDeltaOperation delta : auditRecord.getDeltas()) {
if ("ef2bc95b-76e0-59e2-86d6-9999cccccccc".equals(delta.getResourceOid())) {
for (ItemDelta itemDelta : delta.getObjectDelta().getModifications()){
if (itemDelta.getPath().equivalent(ItemPath.create(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS))){
if (!ret.isEmpty()){
ret = ret + "|";
}
ret = ret + "changeAdminStatR1";
}
}
}
}
}
return ret
</code>
</script>
</expression>
</property>
</eventRecording>
</audit>
...
</systemConfiguration>
I chose situations are split by '|', but you can use more columns. Now, we need configure object collection for audit records. In object collection for audit events we use sql select command.
Object collection
When we have object collection, then import Dashboard object with widget for our object collection.
Dashboard
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2010-2024 Evolveum
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<dashboard xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
oid="72b1f98e-f587-4b9f-b92b-72e251da4567">
<name>changes-of-admin-status-r1</name>
<display>
<label>Changes of administrativeStatus(R1)</label>
</display>
<widget>
<identifier>adminstat</identifier>
<display>
<label>Changes of administrativeStatus(R1)</label>
<color>#00a65a</color>
<icon>
<cssClass>fa fa-database</cssClass>
</icon>
</display>
<data>
<sourceType>auditSearch</sourceType>
<collection>
<collectionRef oid="72b1f98e-f587-4b9f-b92b-72e251dbb277" type="ObjectCollectionType"/>
</collection>
</data>
<presentation>
<dataField>
<fieldType>value</fieldType>
<expression>
<proportional>
<style>value-only</style>
</proportional>
</expression>
</dataField>
<dataField>
<fieldType>unit</fieldType>
<expression>
<value>changes</value>
</expression>
</dataField>
</presentation>
</widget>
</dashboard>
After successful import of dashboard object and reload of page you can see dashboard in menu Dashboards > Changes of administrativeStatus(R1).
We want report with table of audit events, so we import dashboard report.
Report
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2024 Evolveum
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
oid="483513f8-08f0-4b32-a2b1-f9696ddb6fda">
<name>Changes of administrativeStatus(R1) dashboard report</name>
<assignment>
<targetRef oid="00000000-0000-0000-0000-000000000170" relation="org:default" type="c:ArchetypeType"/>
<activation>
<effectiveStatus>enabled</effectiveStatus>
</activation>
</assignment>
<archetypeRef oid="00000000-0000-0000-0000-000000000170" relation="org:default" type="c:ArchetypeType"/>
<roleMembershipRef oid="00000000-0000-0000-0000-000000000170" relation="org:default" type="c:ArchetypeType">
</roleMembershipRef>
<dashboard>
<dashboardRef oid="72b1f98e-f587-4b9f-b92b-72e251da4567" relation="org:default" type="c:DashboardType"/>
</dashboard>
</report>
Now we can run report in report menu, show task, and download report. Every report from dashboard is in HTML format.