Apr 29, 2020 02:15 AM
Hi,
I think you are on the right track here. You could use the "Failed Request Tracing" feature to log who tried accessing and got rejected by the webserver. However, if you run Windows authentication, I guess most domain users should be authenticated against the webserver successfully. Only FNMS would then present a "insufficient rights" page instead of the dashboard. I am not sure if this behaviour is logged somewhere.
As there is really no logout button in FNMS on prem, trying to comply with security standards, you could at least limit the "time-out" value for the session cookie.
Best regards,
Markward
Apr 29, 2020 02:46 AM
Hello @sibusison,
You are correct, ComplianceOperator's 'LastLogin' and 'LastLogout' are not populated for On-Premises implementations, because FNMS relies on Windows Authentication.
You could perhaps track the date/time that requests are sent to FNMS, but clearly that would be very heavy to manage.
There is a 'LastActive' field under ComplianceOperatorAudit, I'm not sure if that would be of any use?
SELECT co.ComplianceOperatorID, co.OperatorLogin, coa.LastActive FROM ComplianceOperator co
LEFT JOIN ComplianceOperatorAudit coa ON co.ComplianceOperatorID = coa.ComplianceOperatorID
ORDER BY co.OperatorLogin ASC
My understanding is that this will be updated whenever an operator makes a change that is recorded on the History tab for any object in FNMS (anything that creates an associated record in ComplianceHistory_MT).
HTH,
Joseph
Apr 29, 2020 02:46 AM