Home  Support   BlackBerry Knowledge Base  

How to run an audit of administrative actions within BlackBerry Administration Service

Article ID: KB19251

Type: Support Content

Last Modified: 02-01-2013

 

Product(s) Affected:

  • BlackBerry Enterprise Server
  • BlackBerry Enterprise Server Resource Kit
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0
  • BlackBerry Enterprise Server Resource Kit 5.0
CollapseOverview

The BlackBerry Administration Service records an audit of the majority of tasks performed by BlackBerry Administrators using the BlackBerry Administration Service, BlackBerry User Administration Service, or applications that  use the BlackBerry Web Service API.

Administrators can run the BAS_Audit_SQL_Script.sql script to generate a report of the recorded events. The audit script creates and deletes several user-defined functions in the BlackBerry configuration database. In order to run the script the user will need to be assigned either the db_owner or db_ddladmin role.

Note: Actions performed using the BlackBerry User Administration Service or the BlackBerry Web Service API may be recorded as the account that the service is using to authenticate to the BlackBerry Administration Service  rather than the individual that performed the actions.

If required, there are five optional variables that can be modified to further narrow down the query results. To modify these variables, open the script and search for the following variables:

  • startDate - The date you want the search results to start from.
  • endDate - The date you want the search results to end at.
  • userId - The ID of the user you want to report on. To find the UserID,  the administrator can query the BASUsers table and match the UserID column to the row of the desired user.
  • typeName - The BlackBerry Administration Service plug-in identifier.
  • plugInId - The number associated with that BlackBerry Administration Service plug-in identifier.

To set the variable to a desired value, simply remove the -- and insert the desired value. For example, if to find all actions for UserID=5, change the script from:

--SET @userId = 10

to

SET @userId = 5

If the userID is not defined a report will be done on all users.
CollapseAdditional Information

The time zone for the data returned in ChangeDateTime field is UTC, not local server time.

Additional information can also be obtained from the BlackBerry Enterprise Server Resource Kit, using the BlackBerry Domain Administration History Reporting Tool (AdminHistory.exe). Please see KB32779 for more information. However, not all administrative tasks are audited in the database tables that this tool reports on.
CollapseAttachments

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.