I am trying to find a report or have one made that will audit the user roles within vcenter. This is for compliance needs and my company is saying vRealize but I know VMTurbo could do this. Any help would be much appreciated. thank you.
This would require an external query into the vCenter database that VMTurbo does not tap and is outside our value prop. The data is there from the VC Apis and is then rolled into the database for long term tracking but we don't pull this info...(only users logging into VMTurbo itself as Sarah describes above). I want to be more specific because you should not pay for additional tooling to solve something that you can do with one of your DBAs in a couple hours worth of work
Have someone on your team write a simple SQL query into the VC DB table called VPX_ACCESS using SQL management studio or any other SQL software. This will list all users and permissions and can be run for historical data. Here are some instructions: http://www.vhersey.com/2013/05/manually-adding-a-user-with-the-administrator-role-to-the-vcenter-vpx_access-table/
The next VC DB table that you will need is called VPX_TASK. This will show the user logins, as well as begin times and completion times for each user. Here are some instructions on how to query it: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2009075
Here is a more general KB that describes the best practices for granting DBA access to the VC Database: https://blogs.vmware.com/kb/2013/02/determining-which-users-are-available-to-log-into-vcenter-server.html
We can always put this data into a format that VMTurbo digests but this would be additional work that you don't need to do if you query the DB tables themselves, and wouldn't add any value to VMTurbo's decision making.
In short, you can do it for FREE without us or vRealize!!!
Does this help?
Good morning Matt,
Thank you for reaching out to us! Have you tried creating a custom dashboard for the Audit Log within VMTurbo? This full audit log shows actions taken and by whom. You can create one just for that, slide the timeframe back 60 days and then save a custom report for that dashboard. Once created, you can then schedule the report to be run regularly within VMTurbo or have it emailed to you or a distribution list. Please see the infographic below and let us know if you need further assistance.
1. Click on the green plus sign to create a new dashboard
2a. Drag and drop the Audit Log panel into the new dashboard
2b. Save using the "floppy disk" button
3. Drag the timeframe out from "now" to "60 days" or preferred timeframe (Do NOT Save the dashboard after dragging out the timeframe before saving report)
4. Click on the Adobe PDF icon to save the report, save with desired name
5. Go to reports view, select report and generate preferred schedule and delivery method
All the best,Sarah
this is a really great report, thank you! What I am looking for is more "user based roles" audit reporting. Who has access? When they logged in? etc, etc. Does VMTurbo report on this? thanks.
My apologies for the delayed response. We have a report for this in VMTurbo and it's included below. Another colleague is providing additional detail on what you're looking for in another response, please let me know if there's anything else I can do to assist.
Action and Login Audit Report - SQL Query
Thank you everyone! I did this and it worked the way we needed it.
Retrieving data ...