Share all details about your problem, including any error messages you may have received.
I performed an “Edit Role” operation using the SailPoint IIQ UI. The Edit Role button is at the bottom of the Role Details page (which is launched upon search of the roles and clicking a role to view the details).
I checked the Audit config and I see the Update Role audit event enabled (snippet pasted below).
However, when I query the SPT_AUDIT_EVENT table for the DISTINCT ACTION in the table, I do not see Update Role or any form of Edit Role action listed. I queried the database after performing the “Edit Role” operation in the SailPoint UI.
SELECT DISTINCT ACTION FROM SPT_AUDIT_EVENT WHERE LOWER(ACTION) LIKE '%role%';
I did try the option you mentioned and was able to get the audit logs. There is a challenge, though: I am not able to capture the exact details of what changes were made to the object. For example, in the case of workgroups, which we are using for some approvals, I want to enable a mechanism to see who the historical members of the workgroup were. It seems the audit table is able to capture the object and the user who modified it, along with the operation. However, which attribute of the object changed, and what the old and new values were, is not seen.
If there is a way to capture it, please specify how I can get this information.
Is there common code or a utility available that will enable getting the updates done to the object? Basically, the audit should be able to inform what changed, by whom, and when. The "what changed" is not captured in the current out-of-the-box implementation, which I feel is a gap in the implementation.