cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can I find out who creates a user record in IDM?

Go to solution
Chenyang
Contributor

on ‎02-10-2015 9:45 PM

0 Kudos

Hi

I just found out from the error message a user has been created and manually assigned to a position in IDM. I suspect this user is created in UI directly rather than from the correct data source. I tried to find out who did it, but failed.

Which tables should I look into and find out who (log in user) actually did it?  I searched table mxp_audit, but it is all about links and the operator is mxmc_rt_u, which is not very meaningful.

Thanks,

Chenyang Xiong

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Chenyang
Contributor
‎02-10-2015 10:49 PM
0 Kudos

Hi Norman & Steffi,

Thanks for your help. I found out the user is created by the program.

The user is not created in createAD user step because she is in incorrect OU. But there is an issue in the logic of business role assignment and he was pickup and assigned a business role, that's why his account is created and with a MSKEYVALUE and displayname only.

Thank you for your time again,

Chenyang Xiong

Show replies
Show replies

Answers (2)

Answers (2)

Steffi_Warnecke
Active Contributor
‎02-10-2015 10:25 PM
0 Kudos

Hello there,

I'd start with the monitoring-tab of the admin-UI of the IDM and there in the provisioning audit to see, who triggered the user creation task. If it was created through a UI mask, you should find the name of the user here.

Regards,

Steffi.

Show replies
Show replies
Chenyang
Contributor
‎02-10-2015 10:53 PM
0 Kudos

That works. If the user is created manually, the creator is under "Start by" column.

Thanks,

Chenyang

normann
Advisor
Advisor
‎02-10-2015 9:55 PM
0 Kudos

Hello Chenyang,

first place to look for is idmv_link_ext - where you can search for the link (the position (business role) assignment) and see who is stored as the last modifying person.

When working with business roles, the user inherits the privileges of that business roles and thus the changing user of the privilege assignment is the system itself. You have to analyze the assignment of the position to the user. If you need more information about the link of the position to the user, look up the link in table mxi_link_audit or try to find the mcAddAudit in the audit table.

If you cannot find any user information at all you might consider that the change has been done by some internal logic. If this is the case you can get the last executed task from the audit table and check what that task is.

Regards

Norman

Show replies
Show replies
Chenyang
Contributor
‎02-10-2015 10:59 PM
0 Kudos

Hi Norman,

If the user is created manually, the creator can be found from idmv_value_basic under USERID column. It was NULL for this particular user, so it should be created automatically by a program.

Cheers,

Chenyang Xiong

Ask a Question