Policy configuration auditing
Article ID: 430281
Updated On:
Products
Information Centric Analytics
Issue/Introduction
Is there a way to see when a policy in Information Centric Analytics (ICA) was enabled or disabled? Is there any audit history for that?
Environment
Release : 6.x
Component : Policies
Resolution
The Risk Fabric console does not provide a method for auditing the change history of ICA policies; however, beginning with version 6.7, it is possible to query the system-versioned temporal table that contains this information using SQL Server Management Studio (SSMS).
The following sample queries can be modified to run in your environment. Replace the @policy parameter declaration <policy_name> with the name of the policy in question.
USE RiskFabric;
GO
DECLARE @policy nvarchar(50) = N'<policy_name>';
/* Returns the last modification date of the policy in question and the user who modified it. */
SELECT p.PolicyID,
p.[Name],
p.IsPolicyEnabled,
u.Username,
p.SysStartTime
FROM dbo.Policies AS p
INNER JOIN dbo.PortalUsers AS u
ON p.RFModifiedBy = u.PortalUserId
WHERE p.[Name] = @policy;
/* Returns historical changes to the policy in question. */
SELECT h.PolicyID,
h.[Name],
h.[Description],
h.DisplayOrdinal,
h.RiskWeight,
h.IsPolicyEnabled,
h.AutoUpdate,
h.UseInNormality,
h.RFModifiedBy,
u.Username,
h.SysStartTime,
h.SysEndTime
FROM dbo.Policies_History AS h
INNER JOIN dbo.PortalUsers AS u
ON h.RFModifiedBy = u.PortalUserId
WHERE h.[Name] = @policy
ORDER BY h.SysStartTime DESC;
/* Returns the username of any accounts that accessed the Policy administration page in the Risk Fabric console yesterday or today. Modify the GETDATE() function as needed to adjust the timespan. */
SELECT u.username,
l.*
FROM dbo.ActivityLog AS l
INNER JOIN dbo.PortalUsers AS u
ON l.PortalUserID = u.PortalUserId
WHERE Detail LIKE N'%policy%' AND
CAST(DateStamp AS date) >= CAST(GETDATE() AS date)
ORDER BY 1 DESC;
Feedback
Yes
No
Powered by
