Variables available in audit notification channels
Access Manager provides a comprehensive set of variables you can use in your audit notifications.
See the guides on PowerShell auditing scripts and HTML and JSON audit templates to learn how to use these variables in your audit scripts and templates.
Global properties
| Property | Format/Type | Description |
|---|---|---|
| string | The current date and time, in local server time |
| string | The current date and time, in UTC time |
Request element
This group of attributes represents the incoming request
| Property | Format/Type | Description |
|---|---|---|
| string | The name of the target that the user requested access to |
|
| The type of resource the user requested access to |
| string | The reason that the user provided when requesting access |
| IPv4 or IPv6 address string | The IP address of requestor |
| string | The host name of the requestor, if available via reverse DNS lookup |
| TimeSpan | The requested duration of access |
Response element
This group of attributes represents the result of the access evaluation
| Property | Format/Type | Description |
|---|---|---|
| string | The name of the target that the access request was evaluated against |
|
| The type of resource that was evaluated |
|
| Indicates if access was granted to the resource |
|
| Indicates if access was denied to the resource |
| string | A comma-separated list of audit channels IDs that apply to this access response |
| string | The ID of the authorization rule that was used to make the access decision |
| string | The 'description' field from the authorization rule that was used to make the access decision |
| TimeSpan | The duration of time that access was granted for |
|
| The result of the authorization decision. Codes other than |
|
| The type of access that was granted |
| string | The friendly name of the type of access that was granted |
| DateTime | The date and time when the user's access will expire, expressed in local server time |
| string | A user-friendly message describing the outcome of the access decision |
User element
This group of attributes represents the user who performed the access request
| Property | Format/Type | Description |
|---|---|---|
| string | The |
| string | The user's username in |
| string | The display name of the user |
| string | The user's security identifier |
| string | The user's email address |
Role element
If the authorization request was for a role, then this property will be populated with information about the role authorization rule
| Property | Format/Type | Description |
|---|---|---|
| string | The name of the role |
| string | The description of the role |
| TimeSpan | The maximum amount of time that the user can request for the role according to the authorization rule |
Computer element
If the authorization request for a computer, then this property will be populated with information about the computer
| Property | Format/Type | Description |
|---|---|---|
| string | The short name of the computer |
| string | The description of the computer |
| string | The name of the computer in |
| string | The computer's DNS host name, if known |
| string | The computer's display name |
| string | A unique identifier for the computer |
| string | The computer's security identifier |
|
| The authoritative directory where this computer is located |
| string | The ID of the authority where the computer is located |
| string | The unique ID for the device, specific to the device's authority |
Last updated