Debugging a security session: Example

This is an example of how to create a report that provides debug-level authorization details about a particular user.

  1. Access the Security Administration Console and select System Management > Security Logger > Security Logger Settings.
  2. In the Producer field, select SecurityLogger (authorization).
  3. Clear out old messages for the SecurityLogger.
  4. Double-click the selected producer (SecurityLogger).
  5. For Log Level, select DEBUG.
  6. Run your scenario, for example, a list of Actors.
  7. Select the SecuritySessionDebug record and double-click it.
    Security Session Debugger for authorization

    The Security Requests column shows:

    • Prediction for user objects on securable objects. UI form->Action requests.

    • Prediction for object type: All accessible securable objects of the specified type.

    • Condition: Collects all securable object conditions. This is used at the database level to filter out records.

    • Evaluation: Evaluates conditions on a securable object with specified data.

    The Result column shows the user's access for the Request Type.

  8. From the list, select a record for which you want to view details.
    Drilling into a security session debugger record
  9. On the Security Request dialog box, click View Log. Detailed information appears on the screen. Following is a snip showing the types of information that is in the details file. 
    non_Grid: 645089753: SecurityRequest->boActionPeriod = null due to ActionPeriodFlag=OFF
non_Grid: 645089753: ======== executeCondition() new[612401751]: securable object = Actor , cnd =  (Actor = actor), returns false, ElapsedTime = 61989, class=BasicProductLineAccess_ST
non_Grid: 645089753: 	 Sec eval - Direct for (Actor_357) in class=BasicProductLineAccess_ST is : ACCESS_DENIED
non_Grid: 645089753: 	 Sec eval - Direct for (Actor_357) in class=ProcessServerAllAccess_ST is : ACCESS_ALLOWED
non_Grid: 645089753: 	 Sec eval - Direct for (Actor_357) in class=ProxyGrantorAccess_ST is : ACCESS_ALLOWED
non_Grid: 645089753: 	 Sec eval - Direct for (Actor_357) in class=ProxyAdminAccess_ST is : ACCESS_ALLOWED
non_Grid: 645089753: 	 Sec eval - Direct for (BusinessClass_479) in class=AllGenAccess_ST is : ACCESS_ALLOWED
non_Grid: 645089753: 	 Sec eval - Direct for (Actor_357) in class=DataAreaAdminAccess_ST is : ACCESS_ALLOWED