Solved: Re: etadata-server-Logs: When adding a user to a group to many message...

andreas_lds · Posted 04-09-2019 09:14 AM

When SMC is used to add a user to a group (or role) for each user already in that group a remove and an add are logged in the metadata-server-log

The following lines have been added to the log. The only thing i did was adding "NewGirl" to "DemoGroup":

2019-04-09T15:04:45,731 INFO  [00335652] 11675:admin@DOMAIN - Audit Public Object Type=Benutzergruppe Name=DemoGroup ObjId=A5ZLFH94.A500001V has been updated.
2019-04-09T15:04:45,731 INFO  [00335652] 11675:admin@DOMAIN - Changed IdentityType=IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user02, ObjId=A5ZLFH94.AP000007 from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user02, ObjId=A5ZLFH94.AP000007 to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user01, ObjId=A5ZLFH94.AP000004 from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user01, ObjId=A5ZLFH94.AP000004 to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user03, ObjId=A5ZLFH94.AP00000G from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user03, ObjId=A5ZLFH94.AP00000G to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=NewGirl, ObjId=A5ZLFH94.AP00000B to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Audit Public Object Type=Benutzergruppe Name=DemoGroup ObjId=A5ZLFH94.A500001V has been updated.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Changed IdentityType=IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user02, ObjId=A5ZLFH94.AP000007 from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user02, ObjId=A5ZLFH94.AP000007 to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user01, ObjId=A5ZLFH94.AP000004 from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user01, ObjId=A5ZLFH94.AP000004 to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=user03, ObjId=A5ZLFH94.AP00000G from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=user03, ObjId=A5ZLFH94.AP00000G to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Removed Member IdentityType=Person  Name=NewGirl, ObjId=A5ZLFH94.AP00000B from IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,762 INFO  [00335657] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=NewGirl, ObjId=A5ZLFH94.AP00000B to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.

Seems to be a bit much. Is it possible to reduce the lines written to the log? In this case the lines

2019-04-09T15:04:45,731 INFO  [00335652] 11675:admin@DOMAIN - Audit Public Object Type=Benutzergruppe Name=DemoGroup ObjId=A5ZLFH94.A500001V has been updated.
2019-04-09T15:04:45,731 INFO  [00335652] 11675:admin@DOMAIN - Changed IdentityType=IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.
2019-04-09T15:04:45,747 INFO  [00335652] 11675:admin@DOMAIN - Added Member IdentityType=Person  Name=NewGirl, ObjId=A5ZLFH94.AP00000B to IdentityGroup  Name=DemoGroup, ObjId=A5ZLFH94.A500001V.

are all, that i expected to find the log.

Stefan_Giuros1 · Posted 04-10-2019 10:23 AM

As far as I know, this behavior is inherited from SAS 9.2 and I believe this results from the way the association lists in SAS metadata are managed for the association cardinality between SAS groups and SAS users they contain..

I also believe that this behavior was maintained in SAS 9.4 for legacy-compatibility reasons - for example, some customer-written log parser programs might already been created with this behavior in mind, so changing the behavior might impact backward-compatibility.

So, in a nutshell, I do not believe there is a way to avoid the side-effect you have mentioned.

Hope this helps.

View solution in original post

alexal · Posted 04-09-2019 09:21 AM

@andreas_lds ,

Either one you have enabled APM logging for the metadata server or increased logging level for Audit.Meta.Security.AccCtrlAdm logger. What is the current value of logconfigloc for the metadata server?

andreas_lds · Posted 04-09-2019 09:40 AM

Audit.Meta.Securiy.AccCtrlAdm is set to "inherited" = Information. This should be the default setting after configuration of 9.4m5

alexal · Posted 04-09-2019 09:46 AM

@andreas_lds ,

This should be the default setting after configuration of 9.4m5

I'm not seeing that on my M6 server. Change the logging level of Audit.Meta.Security.AccCtrlAdm to OFF if you do not want to see those messages in the log.

andreas_lds · Posted 04-09-2019 09:53 AM

Thanks, but setting log level to "off" didn't solve the problem, i still see to the same number of messages in the log. I did not restart the Metadata, though.

alexal · Posted 04-09-2019 09:55 AM

@andreas_lds ,

but setting log level to "off" didn't solve the problem

Where did you do that? In a file? If yes, you have to restart the metadata server.

andreas_lds · Posted 04-10-2019 01:55 AM

I used smc to change the setting.

Stefan_Giuros1 · Posted 04-10-2019 10:23 AM

As far as I know, this behavior is inherited from SAS 9.2 and I believe this results from the way the association lists in SAS metadata are managed for the association cardinality between SAS groups and SAS users they contain..

I also believe that this behavior was maintained in SAS 9.4 for legacy-compatibility reasons - for example, some customer-written log parser programs might already been created with this behavior in mind, so changing the behavior might impact backward-compatibility.

So, in a nutshell, I do not believe there is a way to avoid the side-effect you have mentioned.

Hope this helps.

andreas_lds · Posted 04-11-2019 01:04 AM

So, in a nutshell, I do not believe there is a way to avoid the side-effect you have mentioned.

Good to know and not to difficult to write code removing the remove/add events balancing each other out.

Metadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log

Re: etadata-server-Logs: When adding a user to a group to many messages are written to the log