iConsole Audit Status column includes exempt users

Document ID : KB000097606
Last Modified Date : 22/05/2018
Show Technical Document Details
Introduction:
Exempt users are users who have a CA Data Protection account on the CMS but who are exempt from policy. That is, CA Data Protection does not monitor email, web or file activity for policy-exempt users.
Question:
When running the Standard Search in the CA Data Protection iConsole as an administrator you can see the percentage of issues reviewed in the Audit Status Column.  This percentage includes exempt users who are not eligible for review.  Therefore if a message has three participants and one is exempt and all active participants have been reviewed the Audit Status will report 66% closed.  Why doesn't this show 100% closed?
 
Environment:
CA Data Protection 15.x

 
Answer:
When a user is exempted from policy, the Data Protection code makes an entry in the "Wgn3UserPropertyValue" table, however there is no history to indicate when the user was exempted or when the exemption was revoked. If the exemption is removed the record entry is deleted.

If you send an mail with 3 participant users (1 sender,1 recipient and 1 exempt user), the email BLOB will be stored with all 3 user.
If we audit the 2 user (1 sender and 1 recipient) the Audit Status should show 100% reviewed, this is correct until the user is exempted. Once we remove the exemption for the user, then the auditing will be incorrect (for all the past dates as well) as the Data Protection code does not included this check for this auditing scenario.

The below steps demonstrate this issue.

1. Create a test group in the Data Protection User hierarchy and edit the policy to create a simple Recipient Trigger to capture all. 
2. Add users to the hierarchy Group who will be participants on a test event. 
3. Set one of the users as "Policy Exempt". 
4. Create a reviewer and add the test group to their management Group. 
5. Import the event. 
6. Log on to the iConsole as the reviewer created in step 4 
7. Review and close the event imported in step 5 
8. Log on to the iConsole as an Administrator and search for the event imported in step 5. 
9. Add in the Audit Status column to the iConsole and you will see it reports "Close 66%"