System User Audit#

System User Audit overview#

The system user audit feature addresses user and service association issues in Automate. The data/User status may not be synchronized with the current services such as LDAP, Cisco UCM, Cisco Unity Connection (CUC), MS 365, Webex Teams and MS Teams assigned to users in the system at a selected hierarchy. For example:

  • Some users are absent from the system.

  • Users are not properly associated with the services present in the system.

  • Users exist without corresponding service associations.

  • Users are located at a site that is different form their associated service users.

Such issues can result in performance degradation, inaccurate workflows and incorrect license audit data.

Automate provides both a command and a scheduled action to carry out this audit and address these issues.

Note

  • The scheduled action is available only if the global system level settings for Automate called Enable or disable system user audit is enabled. By default, this setting is not enabled. The action is however available on the default System Configuration dashboard for an unscheduled run.

    When cancelling an unscheduled action, the cancelled transaction may take some time to show as done in the transaction log, but you can continue using the system.

  • To access the feature, the administrator’s Access Profile must contain Create and Read permissions for the view/SystemUserAudit model type.

See: Settings.

System User Audit command and schedule#

The System User Audit link available on the default System Configuration dashboard, License Audit Setup panel, provides an option to run a user audit or report on users and their associated services. The System User Audit Report link also lists generated report files.

Run a system user audit#

  1. Select a hierarchy: choose the hierarchy at which the task is to be carried out.

    Important

    Running the audit tool at a high level hierarchy (many users at or below) can severely impact performance. It is strongly advised to initially only run reports on hierarchies - selecting hierarchy levels with fewer users, such as at site level. The reports can then be inspected to determine the number of changes required.

    A Confirmation option prompts the administrator to first verify a task.

  2. Choose Create a Report if only a .csv file report is required for download.

    If this option is selected, no changes are made to the users and system. See also System User Audit report below.

  3. For the Confirmation dropdown, select “Yes, I confirm that the System User Audit can be run.”

  4. Click Save to carry out the task.

Note

  • System User Audit does not delete users from data/User.

  • If data/User instances are moved to align with services and more than one device is misaligned, the user is moved to the hierarchy of the device with the highest priority.

  • If the system user audit transaction fails during the processing of an individual user, the associated sub-transaction will log this and roll back that sub-transaction, while continuing to process sub-transactions for subsequent users.

System User Audit report#

Running System User Audit and can also simply create a report (Create Report checked on the input form) The generated report can be inspected to determine audit output, and is available from the list of files shown at the tool: File Management, where it can be downloaded.

The report file format is: user_audit_report _<%Y%m%d_%H%M%S>.csv

The file contains headers:

  • username

  • hierarchy

  • operation

  • issue

Schedule and automatic execution#

The system user audit can also be scheduled nightly (as part of a service) - see: License Counting process commands.

Note

When running as a service (schedule), a CSV file similar to the report is generated, labelled as user_audit_operations_executed_<timestamp>. This report allows administrators to see what operations were executed in the background every 24 hours.