Email Notification on User Login

aalarco4 · ‎08-08-2012

In our deployment, I have created an emergency admin account that will allow a few members in my department administrator access to the instance if the normal admin, myself, is unavailable. However, I want to ensure that this account is not used unless absolutely necessary so I was looking to set up an email notification that would send a message (maybe to our CAB, not sure yet) when this account logs into the instance.

The two methods I've looked into, but had issues with, are using a Email Notification that launches on event "login" and a Script Action that launches a different event which then launches an email notification. With the first method I can use the event "login" to trigger the email notification, but I can't figure out how to use event.parm1 (username of the person logging in) for a condition. I would need to add in a condition that states:


 if(event.parm1.toString() == 'its_admin')

The other method is a Script Action that launches a registered event which then triggers an email notification. The Script Action launches on event "login" and has the following code:



if(event.parm1.toString() == 'its_admin'){
   gs.eventQueue('admin.login', event.parm1.toString(), event.parm2.toString());
}

If I add gs.log statements, I get log entries, so the script is running, but it doesn't appear to be launching the event.

Any thoughts or other methods to try?

nikita_mironov · ‎08-08-2012

I think its incorrect evenQueue method call. The second parameter should be GlideRecord object for which you are running the event. I guess it should be the user that is logging in. This can be easily checked in Events queue.

The following script will work fine for our case:
<%
if(event.parm1.toString() == 'its_admin') {
var myUsr = new GlideRecord('sys_user');
myUsr.get(event.user_id.toString());
gs.eventQueue('admin.login', myUsr,event.parm1.toString(), event.parm2.toString());
// gs.log('Fired admin.login event!');
}
%>
The new event being fired ("admin.login") should be registered in Events > Registry and then you can set up a notification for that event to be executed on the top of sys_user table. Parm2 contains the user IP address so if you are not behind NAT you can include that in email body using syntax <%${event.parm2}%>

Michael Kaufman · ‎08-09-2012

A different approach is to have a business rule on the User Table that triggers an event when the login time changes. That is probably easier than the methods mentioned. I tried this out and it worked. I didn't setup the email notification, but I saw the event created.

Business Rule:



Name: Admin User Login Event
Table: User [sys_user]
When: after
Insert/Update: true
Order: 100
Active: true
Script:
if (!current.last_login_time.nil() &amp;&amp; current.last_login_time.changes() &amp;&amp; current.user_name == 'its_admin') {
  gs.eventQueue("admin.login", current, current.user_name , current.user_name);
}

Registry



Name: admin.login
Table: User [sys_user]
Fired By: Admin User Login Event Business Rule
Description: Admin User Login Event

Email Notification



Event: admin.login

aalarco4 · ‎08-09-2012

Thanks for both of these suggestions. I ended up using the business rule that Mike suggested, but I also will use the correct eventQueue method suggested by Nikita.