BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
andreas_lds
Jade | Level 19

When SMC is used to add a user to a group (or role) for each user already in that group a remove and an add are logged in the metadata-server-log

 

The following lines have been added to the log. The only thing i did was adding "NewGirl" to "DemoGroup":

2019-04-09T15:04:45,731 INFO  [00335652] 11675:admin@DOMAIN - Audit Public Object Type=Benutzergruppe Name=DemoGroup ObjId=A5ZLFH94.A500001V has been updated.
2019-04-09T15:04:45,731 INFO  [00335652] 11675:admin@DOMAIN - Changed IdentityType=IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user02, ObjId=A5ZLFH94.AP000007 from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user02, ObjId=A5ZLFH94.AP000007 to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user01, ObjId=A5ZLFH94.AP000004 from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user01, ObjId=A5ZLFH94.AP000004 to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user03, ObjId=A5ZLFH94.AP00000G from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user03, ObjId=A5ZLFH94.AP00000G to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=NewGirl, ObjId=A5ZLFH94.AP00000B to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Audit Public Object Type=Benutzergruppe Name=DemoGroup ObjId=A5ZLFH94.A500001V has been updated.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Changed IdentityType=IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user02, ObjId=A5ZLFH94.AP000007 from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user02, ObjId=A5ZLFH94.AP000007 to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user01, ObjId=A5ZLFH94.AP000004 from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user01, ObjId=A5ZLFH94.AP000004 to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user03, ObjId=A5ZLFH94.AP00000G from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user03, ObjId=A5ZLFH94.AP00000G to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=NewGirl, ObjId=A5ZLFH94.AP00000B from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=NewGirl, ObjId=A5ZLFH94.AP00000B to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.

Seems to be a bit much. Is it possible to reduce the lines written to the log? In this case the lines

 

2019-04-09T15:04:45,731 INFO  [00335652] 11675:admin@DOMAIN - Audit Public Object Type=Benutzergruppe Name=DemoGroup ObjId=A5ZLFH94.A500001V has been updated.
2019-04-09T15:04:45,731 INFO  [00335652] 11675:admin@DOMAIN - Changed IdentityType=IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=NewGirl, ObjId=A5ZLFH94.AP00000B to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.

are all, that i expected to find the log.

1 ACCEPTED SOLUTION

Accepted Solutions
Stefan_Giuros1
SAS Employee

As far as I know, this behavior is inherited from SAS 9.2 and I believe this results from the way the association lists in SAS metadata are managed for the association cardinality between SAS groups and SAS users they contain..

 

I also believe that this behavior was maintained in SAS 9.4 for legacy-compatibility reasons - for example, some customer-written log parser programs might already been created with this behavior in mind, so changing the behavior might impact backward-compatibility.

 

So, in a nutshell, I do not believe there is a way to avoid the side-effect you have mentioned.

 

Hope this helps.

 

 

View solution in original post

8 REPLIES 8
alexal
SAS Employee

@andreas_lds ,


Either one you have enabled APM logging for the metadata server or increased logging level for Audit.Meta.Security.AccCtrlAdm logger. What is the current value of logconfigloc for the metadata server?

andreas_lds
Jade | Level 19

Audit.Meta.Securiy.AccCtrlAdm is set to "inherited" = Information. This should be the default setting after configuration of 9.4m5

alexal
SAS Employee

@andreas_lds ,

This should be the default setting after configuration of 9.4m5

 

I'm not seeing that on my M6 server. Change the logging level of Audit.Meta.Security.AccCtrlAdm to OFF if you do not want to see those messages in the log.

andreas_lds
Jade | Level 19

Thanks, but setting log level to "off" didn't solve the problem, i still see to the same number of messages in the log. I did not restart the Metadata, though.

alexal
SAS Employee

@andreas_lds ,

but setting log level to "off" didn't solve the problem

 

Where did you do that? In a file? If yes, you have to restart the metadata server.

Stefan_Giuros1
SAS Employee

As far as I know, this behavior is inherited from SAS 9.2 and I believe this results from the way the association lists in SAS metadata are managed for the association cardinality between SAS groups and SAS users they contain..

 

I also believe that this behavior was maintained in SAS 9.4 for legacy-compatibility reasons - for example, some customer-written log parser programs might already been created with this behavior in mind, so changing the behavior might impact backward-compatibility.

 

So, in a nutshell, I do not believe there is a way to avoid the side-effect you have mentioned.

 

Hope this helps.

 

 

andreas_lds
Jade | Level 19

So, in a nutshell, I do not believe there is a way to avoid the side-effect you have mentioned.

 

Good to know and not to difficult to write code removing the remove/add events balancing each other out.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 8 replies
  • 1641 views
  • 1 like
  • 3 in conversation