Resolve wrong admin assignments in temp permissions reports
Overview
A problem has been reported where, under certain circumstances, an incorrect admin name, possibly from another tenant, appears in the revision logs.
Investigation showed that in older versions, revision entries for temporary device permissions had the admin name associated with both the grant event and the expire event. In version 23, some improvements were made to the revision logs, with the intention that the expire event for a temporary privilege shows that the action was taken by "Auto" rather than by the admin who originally granted the privilege. When upgrading from older installations to version 23, this may have caused the wrong admin name to be displayed in some cases (even from other tenants).
Endpoint Data Protection 25.0 introduces a fix so that any temporary device permission now correctly shows "Auto" in the revision log when it expires. As this fix only applies to future events, you may want to check whether you are affected and fix the incorrect assignments. SQL scripts for both scenarios are provided below.
SQL Scripts
Use the scripts below to check whether you are affected and to fix the incorrect assignments:
Script for detection
With the following SQL script you can detect whether your environment is affected and has corrupted revision log entries:
    -- Cut-off: DATE_SET of the earliest entry whose CHANGES value matches 'v2,%<empty>%'
    DECLARE @date DATETIME;
    SELECT TOP(1) @date = DATE_SET
    FROM [EgoSecure].[dbo].[REVISION]
    WHERE CHANGES LIKE 'v2,%<empty>%'
    ORDER BY DATE_SET ASC;
    -- Show the cut-off date that was found
    SELECT @date;
    -- List temp entries after the cut-off that are not attributed to 'Auto' or 'AutoSync'
    SELECT *
    FROM [EgoSecure].[dbo].[REVISION]
    WHERE CHANGES LIKE '%,temp,0,%'
      AND TYPE_GET = 2
      AND RULE_SET = 1
      AND ACTION = 1
      AND DATE_SET = DATE_GET
      AND EDITED_BY <> 'Auto'
      AND EDITED_BY <> 'AutoSync'
      AND DATE_SET > @date;
Script for correction
SQL script to correct affected entries so that they show "Auto":
    -- Cut-off: DATE_SET of the earliest entry whose CHANGES value matches 'v2,%<empty>%'
    DECLARE @date DATETIME;
    SELECT TOP(1) @date = DATE_SET
    FROM [EgoSecure].[dbo].[REVISION]
    WHERE CHANGES LIKE 'v2,%<empty>%'
    ORDER BY DATE_SET ASC;
    -- Show the cut-off date that was found
    SELECT @date;
    -- Set EDITED_BY to 'Auto' on the same rows the detection script lists
    UPDATE [EgoSecure].[dbo].[REVISION]
    SET EDITED_BY = 'Auto'
    WHERE CHANGES LIKE '%,temp,0,%'
      AND TYPE_GET = 2
      AND RULE_SET = 1
      AND ACTION = 1
      AND DATE_SET = DATE_GET
      AND EDITED_BY <> 'Auto'
      AND EDITED_BY <> 'AutoSync'
      AND DATE_SET > @date;
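Because the correction rewrites audit data in place, one way to run it is inside a transaction that first copies the affected rows, so the originally recorded EDITED_BY values stay available for later review. The following is an added example, not part of the original article or the vendor's scripts; it assumes Microsoft SQL Server, and the backup table name REVISION_TEMPFIX_BACKUP is hypothetical and must not exist before the run.

```sql
-- Added example (not the vendor's script). REVISION_TEMPFIX_BACKUP is a
-- hypothetical table name chosen here; it must not exist before the run.
SET XACT_ABORT ON;  -- any runtime error rolls the whole transaction back

DECLARE @date DATETIME, @expected INT, @updated INT;

-- Same cut-off query as in the article's scripts.
SELECT TOP (1) @date = DATE_SET
FROM [EgoSecure].[dbo].[REVISION]
WHERE CHANGES LIKE 'v2,%<empty>%'
ORDER BY DATE_SET ASC;

BEGIN TRANSACTION;

-- 1. Preserve the affected rows, including the original EDITED_BY values.
SELECT *
INTO [EgoSecure].[dbo].[REVISION_TEMPFIX_BACKUP]
FROM [EgoSecure].[dbo].[REVISION]
WHERE CHANGES LIKE '%,temp,0,%'
  AND TYPE_GET = 2 AND RULE_SET = 1 AND ACTION = 1
  AND DATE_SET = DATE_GET
  AND EDITED_BY <> 'Auto' AND EDITED_BY <> 'AutoSync'
  AND DATE_SET > @date;
SET @expected = @@ROWCOUNT;

-- 2. Apply the article's correction with the identical filter.
UPDATE [EgoSecure].[dbo].[REVISION]
SET EDITED_BY = 'Auto'
WHERE CHANGES LIKE '%,temp,0,%'
  AND TYPE_GET = 2 AND RULE_SET = 1 AND ACTION = 1
  AND DATE_SET = DATE_GET
  AND EDITED_BY <> 'Auto' AND EDITED_BY <> 'AutoSync'
  AND DATE_SET > @date;
SET @updated = @@ROWCOUNT;

-- 3. Commit only if exactly the backed-up rows were changed.
IF @updated = @expected
    COMMIT TRANSACTION;
ELSE
    ROLLBACK TRANSACTION;

-- Summary of the run for the change record.
SELECT @date AS CutoffDate, @expected AS RowsBackedUp, @updated AS RowsUpdated,
       CASE WHEN @updated = @expected THEN 'committed' ELSE 'rolled back' END AS Outcome;
```

If no entry matches the cut-off query, @date stays NULL, both counts are 0, and only an empty backup table is created.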