• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
        • Enterprise Synthetic Monitoring
      • Synthetic Classic
        • Synthetic Classic Open Q&A
  • Home /
  • Public Forums /
  • Network Application Monitoring /
  • NAM Open Q&A /
avatar image
Question by April L. · Jun 18, 2015 at 02:07 AM ·

LDAP User Groups, Roles and Auditing - identifying what roles a user has because of which groups

Hello,

Some users have been reporting that after using the system for a while, they will log in and their roles will be unassigned and they can't view anything, at which point we'll manually go in at resolve them. As part of trying to identify a pattern I have been requested to Audit the users that are in the CSS and possibly remove those that haven't accessed the system in X amount of time. As part of that and in trying to identify a pattern in the users encountering that problem I'm checking that what roles/groups users are assigned to ensure that it's correct.

Is there any way to get this information from the CSS? Given that there are both Local and LDAP groups in use, I cannot view which users are in LDAP groups without individually opening each user and viewing their roles/groups. The information CSS gets from LDAP doesn't appear to be stored in the database so it'd not accessible from there.

In Brief: I need is a list of users, their username, which groups their assigned to, and which roles they're assigned either by proxy of being in a group with that access or that they are assigned that role individually.

Has anyone found a way to perform this sort of task or is it a possible enhancement request?

Footnote: CSS version is 12.2.1

 

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

2 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Ulf T. · Jun 18, 2015 at 08:32 AM

Hi April

I don't have a active LDAP connection in my sandbox but there is a log file in \Common Components\cc\eclipse\workspace\logs that tells about the activity.
It might give you some insight as to why some of your users fail to authenticate unless you guys go and kick the box.

Comment

People who like this

0 Show 1 · Share
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

avatar image April L. · Jun 18, 2015 at 10:11 PM 0
Share

Thank Ulf, I will look into that.

The users don't "fail" so much as one day they log in and all their roles and groups have been removed. 

avatar image

Answer by April L. · Jun 18, 2015 at 06:42 AM

UPDATE:

I have discovered that accessing the list of users from CAS gives me the list of users and their groups, including their LDAP groups. It does not provide the other information required but the information there can be matched to information from the CSS and then the groups looked up for what roles they provide.

I would still like a list of the roles that a user has so I can match it to the roles that are provided via their group, but it's something.

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

Welcome to the
Dynatrace Community Forums

Check out the Community User Guide and First steps in the forum to learn how to get started.

Community Member of the Month
July 2019

Announcing Dynatrace's Community Member of the Month for July 2019, Wai C.! Click here to read more!

Employee Member of the Month
July 2019

Announcing Dynatrace's Employee Member of the Month for July 2019, Patrick H.! Click here to read more!

Live webinar: Mastering Azure Monitoring with Dynatrace

Learn about monitoring Azure services in a combination of OneAgent and Azure Monitor using the latest enhancements in Dynatrace.
Thursday, July 11, 4:00 p.m. CEST/10:00 a.m. EDT
Register here

Live webinar: Mastering Azure Monitoring with Dynatrace

Learn about monitoring Azure services in a combination of OneAgent and Azure Monitor using the latest enhancements in Dynatrace.
Thursday, July 11, 4:00 p.m. CEST/10:00 a.m. EDT
Register here

NAM 2018 SP5 is available

We've introduced changes to the Dynatrace module integration, reporting groups, and updated Tomcat on NAM Server.
Learn more

Live webinar: Mastering Azure Monitoring with Dynatrace

Learn about monitoring Azure services in a combination of OneAgent and Azure Monitor using the latest enhancements in Dynatrace.
Thursday, July 11, 4:00 p.m. CEST/10:00 a.m. EDT
Register here

Follow this Question

Answers Answers and Comments

2 People are following this question.

avatar image avatar image

Forum Tags

esm security siebel license nam probe wan citrix dna rest api configuration mq alerting NAM 2018 dashboard dcrumadvisory reports css nam universal decode mobileapp rum ads sap nam console scripting nam server sequence transactions upgrade
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A
      • Enterprise Synthetic Monitoring
    • Synthetic Classic
      • Synthetic Classic Open Q&A