
Discovery Accelerator 9 - User showed up in Users/Groups that an Admin did not manually Add

We typically do not add and remove users from the User/Groups under the application tab in DA client. But today, I took a look and found a user that should not be in there whatsoever. Now we are trying to track down how he got in there. Who put him there? When was he put there? Has he done any searches? What permissions do you need to even get into the client and add a user? Though he currently does not have a role assigned to him, I don't know that this has always been the case. Basically need to know if there is any tracking going on so we can see how this has come to be. Any assistance is much appreciated.


7 Replies


For permissions try this:

Permissions are logged in the table tblHistCasePermission.

You could use a query like this to see what permissions were added then removed.

SELECT c.name as CaseName
    , p.PrincipalLogin as DomainUser
    , tp.name as PermissionName
    , hc.startdate as StartDate
    , hc.enddate as EndDate
FROM tblHistCasePermission hc
JOIN tblPrincipal p on p.PrincipalID = hc.PrincipalID
JOIN tblPermission tp on tp.PermissionID = hc.PermissionID
JOIN tblCase c on c.CaseID = hc.CaseID
--WHERE c.Name = 'CASENAME'
GROUP BY c.name, p.PrincipalLogin, tp.name, hc.StartDate, hc.EndDate

 

https://www.linkedin.com/in/awsterling/

For if they ran any searches, try this. Find out the PrincipalID from tblPrincipal:

SELECT * FROM tblPrincipal

Then edit the WHERE clause below:

SELECT SearchID,
            CaseID,
            NumHits,
            PrincipalName AS ModifiedBy,
            tblIntSearches.Name AS SearchName,
            tblIntSearches.ModifiedDate AS DateModified,
            CreateDate,
            tblStatus.[Name] AS SearchType,
            CreationType.[Name] AS CreationType,
            SampleResultSize,
            NativeQuery,
            NativeLegacyQuery,
            XMLText
FROM tblIntSearches
      LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[ModifiedByID] = tblPrincipal.[PrincipalID]
      INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID]
      INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID]
WHERE tblPrincipal.[PrincipalID] = 3
UNION ALL
SELECT  TypeID AS SearchID,
            tblAudit.CaseID,
            NumHits,
            PrincipalName AS ModifiedBy,
            tblIntSearches.Name AS SearchName,
            AuditDate AS DateModified,
            CreateDate,
            tblStatus.[Name] AS SearchType,
            CreationType.[Name] AS CreationType,
            SampleResultSize,
            NativeQuery,
            NativeLegacyQuery,
            XMLText
FROM tblIntSearches
      INNER JOIN tblAudit ON tblAudit.TypeID = tblintSearches.SearchID
            AND tblIntSearches.StatusID = 858
            AND tblAudit.AuditTypeID = 1052
      LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[CreatedByID] = tblPrincipal.[PrincipalID]
      INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID]
      INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID]
ORDER BY CreateDate DESC
 
 

https://www.linkedin.com/in/awsterling/

This is really helpful. Thank you. We are looking more on the application level. We need to know who added a user to the user/group tab, and when. There are no roles assigned to this user, but we need to know how he got there to begin with. Any assistance would be helpful and appreciated. Thanks.


To clarify, we are looking to see the info for the Users and Groups, Role Assignments under the Application Tab.  It appears that there has been a user added that should not have been added.  We would like to see if we can find out when it was added and by whom.  Thank you.

Accepted Solution!

I get what you are trying to do. The above queries were in response to you wanting to see if they had run any searches and to show you if they had been assigned any permissions on any cases.

As for who added him, who has the Discovery System Admin role?  Also, you will need to look at any potential custom role you have created that has the permission to assign roles.

The Admin guide has this:

You must have the application permission Manage Administration Security to assign an application-wide role to a user. You require the case permission Role Assignment to assign a case-specific role. By default, Discovery System Admin users have the first permission, whereas Case Administrator users in a case have the second.

I believe the ModifiedDate column from the query below will be when the user was added.

select * from tblPrincipal

Not real sure how to find out who added him, but it should be a short list based on the roles above.

https://www.linkedin.com/in/awsterling/
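An added example, not part of the original replies or of the product's own scripts: one way to line up the ModifiedDate of the unexpected tblPrincipal row against other recorded activity, to shorten the list of people who were working in the client at that moment. It uses only the tables and columns that appear in the queries in this thread; the login value, the 60-minute window, and the column data types are assumptions.

```sql
-- Added example for SQL Server (T-SQL); run it where the thread's queries are run.
-- Only tables and columns shown in this thread are used.
DECLARE @SuspectLogin  nvarchar(256) = N'DOMAIN\placeholder.user'; -- placeholder login
DECLARE @WindowMinutes int           = 60;                         -- assumed window

-- 1. The unexpected principal and the date its row was last modified.
SELECT PrincipalID, PrincipalLogin, ModifiedDate
FROM tblPrincipal
WHERE PrincipalLogin = @SuspectLogin;

-- 2. Users who modified searches within the window around that date.
--    They were active in the client at the time; it does not prove who added the row.
SELECT actor.PrincipalLogin AS ActiveUser,
       s.CaseID,
       s.Name               AS SearchName,
       s.ModifiedDate       AS ActivityDate,
       DATEDIFF(minute, suspect.ModifiedDate, s.ModifiedDate) AS MinutesFromAdd
FROM tblPrincipal suspect
JOIN tblIntSearches s
     ON s.ModifiedDate BETWEEN DATEADD(minute, -@WindowMinutes, suspect.ModifiedDate)
                           AND DATEADD(minute,  @WindowMinutes, suspect.ModifiedDate)
JOIN tblPrincipal actor ON actor.PrincipalID = s.ModifiedByID
WHERE suspect.PrincipalLogin = @SuspectLogin
ORDER BY ABS(DATEDIFF(minute, suspect.ModifiedDate, s.ModifiedDate));

-- 3. Case permissions that started in the same window, for any principal.
--    A burst of grants next to the add points at an administrative session.
SELECT grantee.PrincipalLogin AS Grantee,
       c.Name                 AS CaseName,
       tp.Name                AS PermissionName,
       hc.StartDate,
       hc.EndDate
FROM tblPrincipal suspect
JOIN tblHistCasePermission hc
     ON hc.StartDate BETWEEN DATEADD(minute, -@WindowMinutes, suspect.ModifiedDate)
                         AND DATEADD(minute,  @WindowMinutes, suspect.ModifiedDate)
JOIN tblPrincipal  grantee ON grantee.PrincipalID = hc.PrincipalID
JOIN tblPermission tp      ON tp.PermissionID     = hc.PermissionID
JOIN tblCase       c       ON c.CaseID            = hc.CaseID
WHERE suspect.PrincipalLogin = @SuspectLogin
ORDER BY hc.StartDate;
```

ModifiedDate changes on any update to the row, so treat the result as the most recent change to the principal rather than a guaranteed creation time, and cross-check the names returned against the holders of the roles listed above.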



Thank you Tony.  I was able to see when the person was added, and from there see who may have been doing anything at that time and had the permissions to add that user.  All of the scripts came into play.  I really appreciate your efforts to assist me.  Thanks again.


Glad you were able to suss through it!  :)

 

Cheers,

 

https://www.linkedin.com/in/awsterling/