Show TOC

Procedure documentationAuditing Object Changes Locate this document in the navigation structure

 

Objects can be changed by users and this is a potential cause of havoc. To allow you to trace and easily revert changes, the auditing module was introduced. The auditing module allows you to set up rules which will either trace changes on objects only, referred to as Diff only, or trace changes and revert, referred to as Full auditing.

Note Note

The Active Auditing Module requires the Module.Auditing license key to be present in your license.

End of the note.

Note Note

Under certain circumstances, you will receive audits for objects you are not directly auditing. For example, if you audit submit frames only and add a submit frame element which is defined by a time window, you will receive audits for this time window as well as the submit frame. When you change the time window, you change the submit frame, indirectly.

End of the note.

Object auditing does not apply when the system makes a change.

Examples of where the system makes a change are:

  • Automatically submitted job definitions, with wait events for example

  • Changes to configuration as the result of running system jobs the System_ConfigureMail or SAP_ImportCcmsMonitors for example

When an audited object has been modified, it will get a new tab in the editor named Audit trail, which allows you to quickly undo any changes.

Actions

Audit Rules support the following actions:

Action

Description

Export

Export the audit rule into a CAR file

Edit

Edit the audit rule

Edit Security

Edit the security of the audit rule

Delete

Delete the audit rule

Duplicate

Make a copy of the audit rule to create a similar one

Expand All

Expand all audit rules in the current filter

New

Create a new audit rule

Filter > New Filter

Create a new audit rule filter

Filter > Edit Filter

Edit current audit rule filter

Filter > Delete

Delete current audit rule filter

The actions are available for audit entries in the Audit Trail:

Action

Description

Restore to before change

Undo the selected and all subsequent changes

Restore to after change

Undo all subsequent changes to the object; in other words restore the object to the state it was after the selected change

Expand All

Expand all audit trail entries in the current filter

Filter > New Filter

Create a new audit trail filter

Filter > Edit Filter

Edit current audit trail filter

Filter > Delete

Delete current audit trail filter
Finding Audit Entries

You can search for audit entries using the Search Audit Entries box located under your username on the top right-hand side of the user interface. This is known as intelliSearch and allows you to specify complex queries in a simple way using prefixes. Prefixes are used to specify which property you are searching in and have short and long syntaxes. For example, if you want to display all audit entries created between 2:05 PM and 2:06 PM, you would use the search criteria as follows:

t:14:05-14:06

You can search more than one property, as follows:

t:14:05-14:06 u:jdoe

Note Note

No spaces should be entered before or after the colon (:).

End of the note.

See the Advanced Object Search for more information.

The following table illustrates the available prefixes for audit entries:

Prefix

Description

t, time

creation time

o, object objecttype

object type (case sensitive)

k, key businesskey

business key

a, action

action, specify the code C=Created, M=Modified, D=Deleted

u, user

user

l, level

audit level, specify the level 1=Diff only, 2=Full audit

There are different ways of searching by time:

  • hh:mm - without a range, the default range is +/- 15 minutes.

  • hh:mm:ss - without a range, the default range is +/- 1 minute.

  • hh:mm-hh:mm or hh:mm:ss-hh:mm:ss - range is from start time to end time.

Reverting a change

You can freely revert a change and, even if this was a mistake, you can revert back to the change again. The following actions have been introduced:

  • Restore to before change

  • Restore to after change

Note Note

These two actions are also available via scripting via the methods restoreBefore and restoreAfter on the AuditObject object.

End of the note.

These actions are only visible if there is a record for before and after the change respectively:

  • Object Created - only Restore to after

  • Object Modified - Both before and after

  • Object Deleted - only Restore to before

Security

Privilege

Description

AuditingRule.Create

Create auditing rules

AuditingRule.Delete

Delete auditing rules

AuditingRule.Edit

Edit auditing rules

AuditingRule.View

Access auditing rules

You can grant privileges on two levels, Access and Admin; a privilege granted on Admin level allows the grantee to grant the privilege to other users. These privileges can be granted system-wide, per partition or isolation group.

If you have the security module, which requires the Module.Security license key, you have an additional Security tab on the auditing rule. It allows you to specify which users can access, edit, and delete the auditing rule.

Procedure

Create an audit rule

  1. Navigate to   Auditing → Audit Rules  .

  2. Choose New from the context menu.

  3. Select an object type in the Rule Object Type and a Level.

  4. Specify optional match criteria, refer to the Values section below.

  5. Choose Save & Close.

Revert a change

  1. Navigate to   Auditing → Audit Trail  .

  2. Choose Revert to before change from the context menu of the audit entry you would like to revert.

Values

Field

Description

Values

Rule Object Type

The type of object you want to audit

Level

The level of auditing you want, full audit allows you to revert changes

Diff Only Full Audit

Name Reg Ex

(optional) A regular expression pattern that is used to match object names

Application

(optional) The application the object resides in

Application Rule

Rule that allows you to match objects based on their application.

All Applications - Will match an object if it has an application or not Exact Application - Will match objects which have the application specified (for this option, the Application field is mandatory) No Application - Will match an object, if it has no application Any Application - Will match an object, if it has an application Sub Application - Will match an object, if its application is a child application of the application specified in the Application field (for this option, the Application field is mandatory)

Enabled

When this is checked, the rule is enabled.

Example

Revert changes made to a job chain

  1. Navigate to   Auditing → Audit Rules  .

  2. Choose New from the context menu.

  3. Select Job Chain as the Rule Object Type and Full Audit as the Level.

  4. Fill JCprdFin.* into the Name Reg Ex field.

  5. Fill Finance into the Application field.

  6. Select Exact Application in the Application Rule drop-down.

  7. Choose Save & Close.

  8. Navigate to   Definitions → Job Chains  .

  9. Choose New, in the new window choose the Job Definition tab and fill JCprdFinQtrRep into the Name field.

  10. Choose Save.

  11. Leave the editor window without closing it, return to the main window and navigate to   Auditing → Audit Trail  . Notice the new entry for for the creation of the job chain, choose Refresh from the context menu if you do not see the new entry.

  12. Return to the job chain editor window, add a step and a job with the System_Info job definition.

  13. Choose Save & Close.

  14. In the main window, notice the new entries in Audit Trail, choose Revert to before change from the context menu of the Modified entry of the job chain.

  15. Navigate to   Definitions → Job Chains   and inspect it, notice that the step and the job have vanished.