I'm trying to find the audit log in uDeploy but all i can find are the changes. Can someone point me to where I can find the audit log? I have looked for an audit tab or a link to generate the audit log but haven't been able to find any information.
Thanks
I found to get to the audit logs you need to have enough privileges to see the Settings tab. So to get to the Audit Logs you go Settings then there is a System section that has the link to the Audit Logs.
Thanks
Related
I have been trying to permanently delete a group from 0365 via PowerShell by using AppRegistration but I keep getting Insufficient Permissions.
I can delete the group with Remove-PnPMicrosoft365Group or Remove-MgGroup and after these commands, the group is moved to deleted items. But when I try to delete the deleted group permanently, I always get insufficient permissions. Both Remove-MgDirectoryDeletedItem and Remove-PnPDeletedMicrosoft365Group did not work for me:
I also tried directly from Graph explorer but I received the same error although I consented all possible permissions.
By the way, I can permanently delete the deleted group from Azure Portal.
Any ideas ?
Thx
Just in case if anybody needs help for such requirement, there are two options:
Give the app registration "Company Admin (Global Admin as of today)" as described here : https://konstantinvlasenko.wordpress.com/2016/12/22/microsoft-graph-api-insufficient-privileges-to-delete-a-group/
But this option will not work later than July 2023 because Microsoft is deprecating MSOL.
App Registration usage is not possible for permanently deleting directory objects : https://learn.microsoft.com/en-us/graph/api/directory-deleteditems-delete?view=graph-rest-1.0&tabs=http
So you will need to use MSGraph with user authentication.
Just fyi, when you try to permanently delete O365 group from Graph Explorer, you will need to consent to Directory.AccessAsUser.All
Regards,
Our infrastructure is hosted on Google Cloud and uses postgresql instances via Cloud SQL
I need to configure logging for HIPAA compliance.
I have read 2 articles from Google's documentation:
https://cloud.google.com/logging/docs/audit/configure-data-access#config-console
https://cloud.google.com/sql/docs/postgres/pg-audit#overview
The first talks about enabling Audit Logs from within IAM, here I can select Cloud SQL and enable r+w logs for data and admins
The second talks about PgAudit and sets the following flag pgaudit.log=all
I have a couple of questions:
How do IAM logs and PgAudit differ, should I enable both or is there redundancy by doing so?
For HIPAA compliance using PgAudit, should I log all or is there another value that makes sense
How do IAM logs and PgAudit differ, should I enable both or is there redundancy by doing so?
Well the IAM Logs focus on Admin Activity and data access:
Admin Activity audit logs: Includes "admin write" operations that
write metadata or configuration information.
Data Access audit logs: Includes "admin read" operations that read
metadata or configuration information. Also includes "data read" and
"data write" operations that read or write user-provided data.
On the other hand the pgAudit extension applies to executed SQL commands and queries.
Basic statement logging can be provided by the standard logging
facility with log_statement = all. This is acceptable for monitoring
and other usages but does not provide the level of detail generally
required for an audit. It is not enough to have a list of all the
operations performed against the database. It must also be possible to
find particular statements that are of interest to an auditor. The
standard logging facility shows what the user requested, while pgAudit
focuses on the details of what happened while the database was
satisfying the request.
For HIPAA compliance using PgAudit, should I log all or is there another value that makes sense
When it comes to HIPAA compliance, I do not have any experience in the topic, but in this page it is mentioned that part of the Technical safeguards of HIPAA security rule is to introduce activity logs and audit controls.
Maybe combining the IAM logs (Who did what, where, and when?) with the pgAudit(executed commands and queries) will provide better coverage to face this implementation specification.
I can not see my queries using Excel Team plugin. I get an error enter image description here
TF8001:An error occurred while accessing the work item database. Contact the administrator
Please use the administrator account to check these:
First, please check whether the current query allows your account to access it.
click on the Shared query-->Security
Make sure that the related options are allowed.
Second, make sure that your account has access to the current work item.
Project Settings--> Project configuration
Finally if you execute the query to tfs work item database, you should contact your Administrator to add permission for your account.
After mistakenly add myself to a wrong role, I am no longer able to access "IAM & admin".
While trying to extract Big Query tables to Google Storage, I received the following error,
bq extract --compression GZIP Dataset.TableName gs://tableName_*.csv.gz
Waiting on bqjob_r4250d44ecf982a22_00000169c666b451_1 ... (23s) Current status: DONE
BigQuery error in extract operation: Error processing job 'Dataset:bqjob_r4250d44ecf982a22_00000169c666b451_1': Access Denied: BigQuery BigQuery: Permission denied while writing data.
I thought I may have a permission issue, therefore I change my role in Google Cloud. I don't remember what role I changed. It may be owner or creator.
After that, I am not able to to access the project in Big Query, as well as "IAM & Admin" page.
bq extract --compression GZIP Dataset.TableName gs://tableName_*.csv.gz
BigQuery error in extract operation: Access Denied: Project projectName: The user myemail#xxx.com does not have bigquery.jobs.create permission in project projectName.
Since I am the admin of this account, there is no other person who has the access. What options do I have to restore the access?
Thank you in advanced.
For this case, please open a case through the billing support form, and for "How can we hep?" select "other." https://support.google.com/cloud/contact/cloud_platform_billing
This way, I can follow up with you in private and get the details necessary to move forward. Please let me know once you submit the case and what your case number is so I can follow up.
Edit: For anyone else viewing this issue, the above method is just for this case and not the correct avenue of support for this problem. If you have a support package and you have this issue, please reach out through normal channels.
Thanks,
Hunter,
GCP Billing
I'm trying to run the script below in microstrategy command manager. I'm getting the error code below. Does anyone know what the issue might be and what I need to do to solve it?
Code:
LIST PROJECTS;
Error:
Syntax is correct.
(You do not have Monitor Cluster privilege that is required to perform the task.)
Task(s) execution completed with errors.
Execution Time: 00:00:00
There are a number of privileges granted directly to the user or group and not granted from a security role.
This particular privilege is one of those. Edit your user or one of the groups to which your user belongs and click “Project Access”. Scroll down to the “Administration” group and check “Monitor cluster”.
You can see more of these privileges in the Admin Supplemental guide. Those that are “server level” are granted directly to the user or group and not from a security role.