Startseite > Allgemein > Inside SharePoint Secure Store Service (SSS) Database, Auditing, SSS Activity

Inside SharePoint Secure Store Service (SSS) Database, Auditing, SSS Activity

TSQL Experten lieben SharePoint 2010. Dort gibt es viel mehr Datenbanken als in 2007 mit jeder menge nützlichen Informationen..so auch in der SSS Datenbank

Was ist SSS:
The Secure Store Service replaces the Microsoft Office SharePoint Server 2007 Single Sign On feature. Secure Store Service is a shared service that provides storage and mapping of credentials such as account names and passwords. It enables you to securely store data that provides credentials required for connecting to external systems and associating those credentials to a specific identity or group of identities. The SSS Database provides storage and mapping of credentials such as account names and passwords.

image
DB Schema of Secure Store Service DB

Additional Information for the DB can be found here: [MS-SSDPS]: Secure Store Database Protocol Specification

The DB can log informations for troubleshooting and compliance purposes. THIS IS NOT SUPPORTED AND ONLY FOR DEV-ENVIRONMENTS.

HowTo enable DB-Auditing:
1. Connect with SQL Server Management Studio (SSMS) to Secure_Store_Service….DB
2. Run following command:  UPDATE dbo.SSSConfig SET EnableAudit = 1
3. Open DOS-Box and run: IISRESET /NOFORCE
4. Audit Data should now be logged to table dbo.SSSAudit
5. You can run following query or create as VIEW for easier analysis of this table:

SELECT TOP 1000
       [AuditDateTime]
      ,[UserIdentityClaimType]
      ,[UserIdentityClaimValue]
      ,[UserIdentityClaimIssuer]
   –   ,[ActionType]
      ,[ActionTypeText] = CASE [ActionType] 
                           WHEN 101 THEN ‚A target application has been created.‘
                           WHEN 103 THEN ‚A target application has been updated.‘
                           WHEN 105 THEN ‚A target application has been deleted.‘
                           WHEN 107 THEN ‚The user claim (2) for an individual target application has been retrieved.‘
                           WHEN 109 THEN ‚The group claims (2) for a group target application has been retrieved.‘
                           WHEN 111 THEN ‚The claims (2) for the group of SSS users that are administrators for a target application have been retrieved.‘
                           WHEN 113 THEN ‚The claims (2) for ticket redeemers for a target application have been retrieved‘
                           WHEN 115 THEN ‚The definition for a target application has been retrieved.‘
                           WHEN 117 THEN ‚The fields for a target application have been retrieved.‘
                           WHEN 119 THEN ‚The definitions for all target applications have been retrieved.‘
                           WHEN 121 THEN ‚The credentials for an SSS user have been set.‘
                           WHEN 123 THEN ‚The credentials for a group target application have been set.‘
                           WHEN 125 THEN ‚The credentials for an SSS user for a target application have been deleted.‘
                           WHEN 127 THEN ‚The credentials for an SSS user for all target applications have been deleted.‘
                           WHEN 128 THEN ‚An SSS ticket was issued.‘
                           WHEN 130 THEN ‚An SSS ticket was redeemed.‘
                           WHEN 132 THEN ‚The credentials for an SSS user have been retrieved.‘
                           WHEN 134 THEN ‚The restricted credentials for an SSS user have been retrieved.‘
                           WHEN 136 THEN ‚A SSS user has set his/her own credentials in the SSS store.‘
                           ELSE CAST([ActionType]   as nvarchar(100))
                            END
      ,[ActionResultCode]
      ,[ApplicationName]
      ,[PartitionId]
      ,[SubscriptionId]
      ,[Info1]
      ,[Info2]
      ,[Info3]
      ,[Info4]
      ,[Info5]
      ,[Machine]
  FROM [dbo].[SSSAudit]
  order by AuditDateTime DESC

Kategorien:Allgemein Schlagwörter: , , ,
  1. 21. Juni 2011 um 18:38

    Great article!

    Here you find another solution using secure store services with SAP und ERPConnect:
    http://www.parago.de/2011/04/how-to-use-sharepoint-2010-secure-store-as-single-sign-on-service-for-sap-applications-using-erpconnect/

    • 22. Juni 2011 um 10:48

      Hi Jürgen,
      nice to know that the article is helpfull for others😉
      Your link also sounds interesting, but unfortunately the link to your blog arcticle only redirects to homepage!?
      Cheers,
      Jochen

  2. Djeepy1
    24. September 2013 um 16:34

    I got ActionType 140, do you know what it means ?

  1. No trackbacks yet.

Schreibe einen Kommentar

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s

%d Bloggern gefällt das: