cancel
Showing results for 
Search instead for 
Did you mean: 

DA Audit Trail?

patriot3w
Level 5
Partner Accredited

Is Audit Trail available in DA? For example, I changed the role and permissions, is it logged?

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

Permissions are logged in the table tblHistCasePermission.

You could use a query like this to see what permissions where added then removed.

SELECT c.name as CaseName
    , p.PrincipalLogin as DomainUser
    , tp.name as PermissionName
    , hc.startdate as StartDate
    , hc.enddate as EndDate
FROM tblHistCasePermission hc
JOIN tblPrincipal p on p.PrincipalID = hc.PrincipalID
JOIN tblPermission tp on tp.PermissionID = hc.PermissionID
JOIN tblCase c on c.CaseID = hc.CaseID
--WHERE c.Name = 'CASENAME'
GROUP BY c.name, p.PrincipalLogin, tp.name, hc.StartDate, hc.EndDate

You can change the WHERE clause to only run it on a specific case.

Then you could use these articles and create your own SQL Report.

https://www-secure.symantec.com/connect/articles/creating-custom-report-symantec-enterprise-vault-discovery-accelerator-80-and-higher-part-1

https://www-secure.symantec.com/connect/articles/creating-custom-report-symantec-enterprise-vault-discovery-accelerator-80-and-higher-part-2

View solution in original post

1 REPLY 1

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

Permissions are logged in the table tblHistCasePermission.

You could use a query like this to see what permissions where added then removed.

SELECT c.name as CaseName
    , p.PrincipalLogin as DomainUser
    , tp.name as PermissionName
    , hc.startdate as StartDate
    , hc.enddate as EndDate
FROM tblHistCasePermission hc
JOIN tblPrincipal p on p.PrincipalID = hc.PrincipalID
JOIN tblPermission tp on tp.PermissionID = hc.PermissionID
JOIN tblCase c on c.CaseID = hc.CaseID
--WHERE c.Name = 'CASENAME'
GROUP BY c.name, p.PrincipalLogin, tp.name, hc.StartDate, hc.EndDate

You can change the WHERE clause to only run it on a specific case.

Then you could use these articles and create your own SQL Report.

https://www-secure.symantec.com/connect/articles/creating-custom-report-symantec-enterprise-vault-discovery-accelerator-80-and-higher-part-1

https://www-secure.symantec.com/connect/articles/creating-custom-report-symantec-enterprise-vault-discovery-accelerator-80-and-higher-part-2