Skip to main content

Privacera Platform master publication

Audit

:

Privacera Access Management’s audit facility preserves audit records for all data accesses and important access policy-related changes. Administrators can use the built-in audit store,  and audit browser, and search capabilities to:

  • Track recent access control enforcement decisions.

  • View recent changes to policies, resources, security principals and entitlements.

  • Monitor policy and user synchronization operations across systems under management.

Privacera limits audit record retention to 90 days, to maintain performance and scalability of the Apache Solr service used as an audit store.

Open access to the underlying Apache Solr audit data store is available, so that audit records can be extracted and forwarded to systems that more closely fit a customer’s requirements for long-term audit management.

The Audit Page lets you browse, search and filter recent audit records by a variety of criteria. You can use these capabilities to check the effects of recent policy changes, or to browse or search recent activity against specific sets of data objects.

The Audit page includes information under the following categories:

  • Access: Each access (or denial) to a managed data repository.

  • Admin: Portal Administrative activity including revisions to policies.

  • Login Sessions: Logins to your PrivaceraCloud account web portal.

  • Plugin: Logged status for each synchronization exchange with a data access plug-in component.

  • Plugin Status: Logged updates with each data access plug-in component.

  • UserSync: The new provisioning of a user or group or modification of an already provisioned user or group, that has already been provisioned from the connected Identity Provider.

  • PolicySync: Logged queries to data resources integrated using 'policy sync' method.

Accessing the audit page

To access the audit page, you must be assigned either the ROLE_ADMIN or ROLE_AUDITOR role.

Anyone who can access the audit page can view all access audit log records for all data objects under management.

The Audit Page reports access to objects in all security zones to any user who has access to the audit page.

Some PolicySync connectors, when collecting audit records, are unable to annotate the audit record with the security zone(s) of tables referenced in each query. Audit records from those connectors do not specify security zone information. It may therefore be impractical to rely on filtering audit records based on security zone.

See the documentation for each connector for details on any audit limitations.

About PolicySync Access Audit Records and Policy ID

For datasources where Ranger plug-ins make policy decisions, those plug-ins can log the specific policy that was enforced, and the Policy ID column is populated with a link to the relevant policy.

For datasources where Ranger plug-ins make policy decisions, those plug-ins can log the specific policy that was enforced, and the Policy ID column is populated with a link to the relevant policy.

View audit logs

  1. From the home page, click Access Management > Audit.

  2. Select a tab to see events in the associated category.

    • Access

    • Admin

    • Login Sessions

    • Plugin

    • Plugin Status

    • User Sync

    • Policy Sync

  3. (Optional) Select a time range for the events you want to see. The default is seven days.

PEG API access

On the Access tab, use the search filter pulldown menu to see Service is PEG (Privacera Encryption Gateway).

Image 283645

This shows access to a PEG encryption key when a PEG REST API request specifies an encryption scheme.

For more information about PEG, see the Privacera Encryption Guide.

Enable reason setting

The "reason" setting shows error codes and error messages on the Audit page that caused an audit record.

Set the following properties:

vi ~/privacera/privacera-manager/config/custom-properties/rangersync-custom.properties
ranger.policysync.connector.0.enable.audit=true 
ranger.policysync.connector.0.audit.source.simple=true 
ranger.policysync.connector.0.audit.source.advance=false 
ranger.policysync.connector.0.custom.audit.db.name=${Database_Name} 
ranger.policysync.connector.0.audit.initial.pull.min=30