
Audit

Concepts in Access Management

Privacera Access Management’s audit facility preserves audit records for all data accesses and for important access policy-related changes. Administrators can use the built-in audit store, audit browser, and search capabilities to:

  • Track recent access control enforcement decisions.
  • View recent changes to policies, resources, security principals and entitlements.
  • Monitor policy and user synchronization operations across systems under management.

Access Management stores audit records for all data access and key portal activity. Audit records are retained for 90 days.

Access to the underlying Apache Solr audit data store is available, so that audit records can be extracted and forwarded to systems that more closely fit a customer’s requirements for long-term audit management.

About the Audit Page

The Audit Page lets you browse, search and filter recent audit records by a variety of criteria. You can use these capabilities to check the effects of recent policy changes or to browse or search recent activity against specific sets of data objects.

The Audit Page reports access to objects in all security zones to any user who has access to the audit page.

When collecting audit data, some PolicySync connectors cannot annotate the audit record with the security zones of the tables referenced in each query. Audit records from those connectors do not specify security zone information, so filtering audit records by security zone may be impractical. See the documentation for each connector for details on any audit limitations.

Access to the Audit Page

Anyone who can access the audit page can view all access audit log records for all data objects under management.

Details on the Audit Page

The Audit page includes information under the following categories:

  • Access: Each access (or denial) to a managed data repository.
  • Admin: Portal Administrative activity including revisions to policies.
  • Login Sessions: Logins to your PrivaceraCloud account web portal.
  • Plugin: Logged status for each synchronization exchange with a data access plug-in component.
  • Plugin Status: Logged updates with each data access plug-in component.
  • UserSync: Logged user updates from LDAP/AD directory service.
  • PolicySync: Logged queries to data resources integrated using the PolicySync method.

View Audit Records

  1. On the left, click Access Management > Audit.

  2. Select a tab to see events in the associated category.

    • Access
    • Admin
    • Login Sessions
    • Plugin
    • Plugin Status
    • User Sync
    • Policy Sync
  3. (Optional) Select a time range for the events you want to see. The default is seven days.

About PolicySync Access Audit Records and Policy ID

For datasources where Ranger plug-ins make policy decisions, those plug-ins can log the specific policy that was enforced, and the Policy ID column is populated with a link to the relevant policy.

For datasources where enforcement is provided by PolicySync, individual access control decisions are enforced by native database permissions, secure views, and other native application security mechanisms. It is not feasible to trace back from the interaction of those mechanisms to an individual Privacera access control policy. In such cases, the policy ID is set to zero.
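The three caveats above (records extracted from the Solr audit store for long-term retention, records that carry no security zone, and PolicySync records whose policy ID is zero) are easy to mishandle when forwarding audit data to another system. The following added example, which is not part of the Privacera documentation, normalizes a constructed newline-delimited export so that a policy ID of zero and a missing zone stay explicit instead of being silently filled in; the field names (reqUser, resource, result, policy, zoneName) are assumptions about the audit store schema.

```python
import json
from collections import Counter

# Constructed sample export in the shape of Ranger-style Solr audit documents.
# Field names (reqUser, resource, result, policy, zoneName) are assumptions about
# the audit store schema, not values taken from the Privacera documentation.
SAMPLE_EXPORT = """\
{"id":"a1","evtTime":"2024-05-01T10:00:00Z","reqUser":"alice","repo":"privacera_hive","resource":"sales.orders","access":"select","result":1,"policy":42,"zoneName":"finance"}
{"id":"a2","evtTime":"2024-05-01T10:01:00Z","reqUser":"bob","repo":"privacera_hive","resource":"hr.salaries","access":"select","result":0,"policy":17,"zoneName":"hr"}
{"id":"a3","evtTime":"2024-05-01T10:02:00Z","reqUser":"carol","repo":"privacera_snowflake","resource":"sales.orders","access":"select","result":0,"policy":0}
"""

def normalize_record(doc):
    """Map one raw audit document to the flat shape a long-term store will receive."""
    policy_id = doc.get("policy", 0)
    zone = doc.get("zoneName")
    return {
        "id": doc["id"],
        "time": doc["evtTime"],
        "user": doc["reqUser"],
        "service": doc["repo"],
        "resource": doc["resource"],
        "action": doc["access"],
        # Assumed encoding: result 1 = access allowed, anything else = denied.
        "decision": "ALLOWED" if doc.get("result") == 1 else "DENIED",
        # Policy ID 0 means PolicySync enforced the decision through native database
        # permissions, so no individual Privacera policy can be linked to it.
        "policy_id": policy_id if policy_id != 0 else None,
        "enforcement": "ranger-plugin" if policy_id != 0 else "policysync-native",
        # Some connectors cannot annotate the security zone; keep that explicit
        # rather than filling a default that a zone filter would then trust.
        "zone": zone,
        "zone_known": zone is not None,
    }

def parse_export(text):
    """Parse a newline-delimited JSON export into normalized records, skipping blank lines."""
    return [normalize_record(json.loads(line)) for line in text.splitlines() if line.strip()]

def summarize(records):
    """Counts a reviewer wants before trusting the export: denials per user,
    records without a traceable policy, and records without zone information."""
    return {
        "total": len(records),
        "denied_by_user": Counter(r["user"] for r in records if r["decision"] == "DENIED"),
        "untraceable_policy": sum(1 for r in records if r["policy_id"] is None),
        "zone_unknown": sum(1 for r in records if not r["zone_known"]),
    }

if __name__ == "__main__":
    print(json.dumps(summarize(parse_export(SAMPLE_EXPORT)), indent=2))
```

Records with zone_known set to False should be excluded from any zone-based filter downstream, and a policy_id of None should be reported as "native enforcement" rather than treated as a missing value.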

PEG REST API Access

On the Access tab, use the search filter pulldown menu to see Service is PEG (Privacera Encryption Gateway).

<img src="../assets/audit_page_apikey.png" />

This shows access to a PEG encryption key when a PEG REST API request specifies an encryption scheme.

For more information about PEG, see the Privacera Encryption Guide.

Enable Reason Setting

The "reason" setting shows, on the Audit page, the error codes and error messages associated with the event that produced an audit record.

Set the following properties:

vi ~/privacera/privacera-manager/config/custom-properties/rangersync-custom.properties

# Enable audit collection for PolicySync connector 0
ranger.policysync.connector.0.enable.audit=true
# Use the simple audit source rather than the advanced one
ranger.policysync.connector.0.audit.source.simple=true
ranger.policysync.connector.0.audit.source.advance=false
# Database that holds the audit records; replace ${Database_Name} with the actual database name
ranger.policysync.connector.0.custom.audit.db.name=${Database_Name}
# Initial audit pull window (value in minutes, as the property name indicates)
ranger.policysync.connector.0.audit.initial.pull.min=30