How to find out who has deleted a user's role ?

Sai176
Kilo Contributor

‎07-17-2019 10:47 AM

Hi,

A user belongs to some groups which have ITIL roles(inherited=true) and was also given ITIL role separately(ITIL role that is inherited=false).The issue is that ,the ITIL role corresponding to inherited=true either got deleted or ddin't get to attach to the user's roles at all.

How to find out who has deleted a user's role apart from sys_audit table ,sys_audit_role table and  sys_audit_delete tables and from logs?

I searched for all the above and found zero results. 

Also sys_audit_role table does not have any data currently.

Request you to kindly help me and guide me through.

Thanking you in advance,

Sai

 

Labels:
0 Helpfuls
  • 4,108 Views
8 REPLIES 8

Sai176
Kilo Contributor
In response to Mark Roethof

‎07-17-2019 12:29 PM

Hi Mark,

I tried this and it did not yield the required results.

Please help me with an alternative if it is possible.

Thanks&Regards,

Sai

0 Helpfuls

Santhana Rajhan
Mega Sage

‎07-17-2019 11:28 AM

In order to check whether a particular member was a part of group or not you need to navigate to that User profile. Right click on the form header and then click on History-->List as shown below:

find_real_file.png

 

If you are not able to see the List option highlighted above in User profile then you need to Turn the Auditing for the user Table as per the steps mentioned below:

1) Navigate to "Dictionary" under System Definition.

2) Search Table = "sys_user" and scroll down to find the below entry highlighted in the screenshot:

find_real_file.png

3)Open the Record highlighted above and click on the Auditing check box to mark it as True as shown below:

find_real_file.png

Once the Auditing has been turned on follow the below steps to check on your requirement:

 

Post click on the List scroll down to the "Audit History" tab and check for the Label/Type as "relation" as shown below:

find_real_file.png

Open the particular Relation record where you can find the name of the Group from which the user was removed as shown below:

find_real_file.png

On the below right side, you could see the User, User ID and User Name of the one who updated. Try it out in the test environment. This would have the backed dated values as well.

You could turn of the audit once completed. I got no idea to check without the use of audit table.

Hope this helps. Mark the answer as correct/helpful based on impact.

Preview file
111 KB
Preview file
59 KB
Preview file
46 KB
Preview file
78 KB
Preview file
74 KB

Sai176
Kilo Contributor
In response to Santhana Rajhan

‎07-17-2019 12:44 PM

Hi Santhana Rajhan,

 

Thank you for the effort you have put in compiling this answer.

The audit table is already turned on and I could see the above results.

I would like to know who has removed the inherited ITIL role even though the user is a part of groups with ITIL role and not what all groups the user previously belonged to.

The answer is much appreciated.

Looking forward for alternate suggestions.

Thanks&Regards,

Sai

0 Helpfuls

Sai176
Kilo Contributor

‎07-22-2019 11:04 PM

Hi,

 

Looking forward for some inputs in this issue.

Thanks&Regards,

Sai

0 Helpfuls