VMware Cloud Community
mdonovan
Contributor
Contributor
‎04-30-2010 05:17 AM
Jump to solution

Determining who changed permissions

I have a small group of people defined as Administrators on the farm I manage. Recently someone made some permissions changes and messed things up. Naturally nobody did anything, so I want to determine who made the permissions changes and when. I did look through the logs by filtering for the word permissions but nothing came up. I am going to make them much more limited administrators in the very near future, but I still want to know who changed it. Is there a log somewhere I can use to determine who made the change?

Thanks

Matt

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
hicksj
Virtuoso
Virtuoso
‎04-30-2010 08:43 AM
Jump to solution

You may be interested in any of the following in the event tables:

RoleUpdatedEvent

RoleRemovedEvent

RoleEvent

RoleAddedEvent

PermissionRemovedEvent

PermissionUpdatedEvent

PermissionEvent

PermissionAddedEvent

I utilize a viperltoolkit script, found here:

http://communities.vmware.com/servlet/JiveServlet/download/821751-4447/vmeventmgr.pl

Create an eventlist.txt file listing the above, and then pass that in as an argument to the script. Works like a champ. I actually run it every week via cron and email the results to myself so I can audit what's going on in our virtual infrastructure. I include a number of other event types, like VM creation, power operations, etc... You can have it report back for last X days/weeks/hours... whatever you need.

View solution in original post

0 Kudos
2 Replies
hicksj
Virtuoso
Virtuoso
‎04-30-2010 08:43 AM
Jump to solution

You may be interested in any of the following in the event tables:

RoleUpdatedEvent

RoleRemovedEvent

RoleEvent

RoleAddedEvent

PermissionRemovedEvent

PermissionUpdatedEvent

PermissionEvent

PermissionAddedEvent

I utilize a viperltoolkit script, found here:

http://communities.vmware.com/servlet/JiveServlet/download/821751-4447/vmeventmgr.pl

Create an eventlist.txt file listing the above, and then pass that in as an argument to the script. Works like a champ. I actually run it every week via cron and email the results to myself so I can audit what's going on in our virtual infrastructure. I include a number of other event types, like VM creation, power operations, etc... You can have it report back for last X days/weeks/hours... whatever you need.

0 Kudos
mdonovan
Contributor
Contributor
‎05-04-2010 08:32 AM
Jump to solution

Thanks for that information. I'll start digging into the logs.

Matt

0 Kudos