+1 vote

Hello,

Is it possible somehow to display the management history for a specific user on the web GUI?

This is a feature we had in our prior tool, and the supporter like it pretty much.

Regards,

by (750 points)
0

Hi, I also would need that feature. is this available by now? best regards Nils

1 Answer

0 votes
by (216k points)

Update 2018

Starting with Adaxes 2018.1 management history can be viewed in Adaxes Web interface using the Management history report (located in container Reports\All Reports\Miscellaneous\Logging by default). For information on how to configure reports in Web interface, please, have a look at the following tutorial: https://www.adaxes.com/tutorials_WebInterfaceCustomization_ConfigureReportsInWebInterface.htm.

Original

Hello Pierre,

Currently it is impossible to view logging information from the Web Interface, this feature is in our TODO list with a high priority. You can view logging information in the Administration Console only.

There are two options how you can workaround this:

I. Provide your users access to the Administration Console

You can provide Adaxes Administration Console to the users who need to see logging information. For this purpose, you need to install it from Adaxes installation package on their computers. To install the Administration Console only, deselect all components except the Administration Console on the Select Components page of the installation wizard.

Also, you will need to grant the users appropriate permissions by creating a Security Role that grants the right to Read Logging Information for User objects. To create such a Security Role:

  1. Create a new Security Role.
  2. On the 2nd step of the Create Security Role wizard, click Add.
  3. In the dialog box that appears, select the User object type.
  4. Select the Read Logging Information permission in the Allow column.
  5. Click OK.
  6. On the 3rd step, assign the Role to the users who need access to logging information and include the users, for whom they need to be able to read logging information in the Assignment Scope.

For information on how users can logon to Adaxes Administrative Console with their own credentials, see Connect To Adaxes Service and Change Account Used to Log On to Service.

II. Get record logs with a script and output them to the Execution Log of the operation

Alternatively, you can create a Custom Command executed on User objects that would launch a PowerShell script to output the operations performed on the target object to the Execution Log of the operation. Since Execution Log is displayed after each operation in Adaxes, users will be able to see the log records.

For information on ow to extract logging information with scripts, see the following article in our SDK: http://www.adaxes.com/sdk/?AccessingLog ... icationLog.
For information on how to output records to the Execution Log, see the description of the LogMessage method in the following SDK article: http://www.adaxes.com/sdk/?ExecuteScrip ... logmessage.

Since management history of users may contain quite a long and extensive list of records, we would recommend limiting the scope of records outputted to the Execution Log to 10 last records or so.

0

Thank you, I will check this out. Do you have an ETA for the feature?

0

Hello Pierre,

We didn't make any detailed planning for this feature yet.

0

Hello,

I think that there is a bug regarding authorization & log reading.

We made the delegation as explained, and users where able to reach the log the Logging node in the GUI.

But, going through Object > All tasks > Management History / Management activity gives an error.

I had to delegate Read to "All object" to allow users to use that feature. No other combinaison I tried worked.

The workarround now for us is to delegate Read to All object and then exclude every domain plus Configuration Objects

All objects seems to contains more object than just domain objects plus configuration objects

Error: http://s9.postimg.org/jawm1svj3/Adaxes_log_error2.png

0

Hello,

This is a bug in Adaxes that will be fixed by the next release. Thank you for the bugreport!

The thing is that in order to read logging information, users also need to be able to read logging configuration. Typically, the right to read logging configuration is granted by the Domain User Security Role that grants the permission to read all objects. When there is no Security Role that would grant the permission to read all objects, you need to explicitly grant the permission to read logging configuration. In our next version, all users will be able to read logging configuration.

To workaround the issue until the fix is available, you need to create a Security Role that allows to read logging configuration and include All Objects in the Activity Scope of the Role. To create such a Role:

  1. Create a new Security Role.
  2. On the 2nd step of the Create Security Role wizard, click Add.
  3. In the dialog box that appears, switch the radio button to Only selected object types and activate the Show all object types option.
  4. Select the ModificationLogInfo object type.
  5. Select the ActionLogInfo object type.
  6. Select the Read permission in the allow column.
  7. Click OK.
  8. On the 3rd step, assign the Security Role to the users who need access to logging information and include All Objects in the Activity Scope of the Role.
0

Thanks, the provided fix worked perfectly.

Simple remark, if someone tries to do the same.

If the Role only contains ActionLogInfo & ModificationLogInfo it will automatically be assigned over Configuration Object. You need to temporary add some other persmissions in order to be able to target All Objects.

0

Hello,

Yes, an important update on the topic. Thanks, Pierre.

On the 6th step of the above post, you need to add a permission to access some AD objects that do not belong to Adaxes configuration (for example, the permission to Read all object types) in order to be able to include All Objects in the Assignment Scope. After assigning the Role, you can remove that permission.

Related questions

0 votes
1 answer

We're delegating admin rights to our various IT departments, only giving them access over their stuff under their OUs. They're missing the option to see the group membership ... on user's management history, is there another approach that I'm not aware of?

asked Sep 18 by felix (150 points)
0 votes
1 answer

For example, if the scope is a specified OU, running the report will list management history for every object in the OU even if it has had no management operations ... so objects that have not had any recent modifications are excluded from the report results?

asked Aug 13, 2021 by ryan741 (120 points)
0 votes
1 answer

I'd like to know how many versions of Adaxes are there with the patches/updates of every version and how often do they receive the updates. In addition of how often the major upgrades occur?

asked Jan 16 by farid.r (20 points)
0 votes
1 answer

In the Adaxes GUI I see three forms of delegation: Send As Send on Behalf Of Mailbox Rights In the WEB GUI there are also three forms of delegation: Shared Mailbox Members Full ... Behalf Of" missing on the WEB? -- Morten A. Steien For reference GUI: WEB:

asked Jul 14, 2023 by Morten A. Steien (300 points)
0 votes
1 answer

Hi, is it possible to use custom Powershell script to determine, who will be able to modify AD object property (for example managedBy)? So it is not manager of given object who can edit this property, but anyone who pass checks in Powershell script..

asked Apr 7, 2020 by KIT (960 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users