Logging each use of harness and flow action rules
Your application can create an audit record each time an operator requests either a harness form or a flow action.
Logging occurs upon initial display of the form; it does not require that the user update any fields. Your application adds a data instance to the pr_log_dataacessaudit table (corresponding to the Log-DataAccessAudit class). The instance identifies the following:
- Operator ID
- Harness rule or flow action rule instance
- Customer work party role (if any)
- Work object ID
This information enables you to support compliance auditing, reporting, and analysis. From a security standpoint, this feature lets you identify instances of unauthorized operator access to specific work objects. You can create list view rules and summary rules to report on the table instances, or export the data for analysis. This article describes how you enable the data access capability.
Enable this feature only if it is needed. Auditing increases the database workload of your application and can produce large volumes of log data.
To set the audit rule access, complete the following procedure:
- Open the Display Options tab on the harness rule form, or the Security tab on the flow action form.
- In the Auditing section, select the Audit Use? checkbox.
- Select a when condition rule in the When field. The rule is evaluated each time a user displays a work object form based on this harness or flow action rule. This when condition operates in conjunction with the activity in the Audit Activity field. If the when rule evaluates to true or there is no when rule, the activity is executed.
- By default, the standard activity Work-.Audit is entered in the Audit Activity field. This activity is configured to run when a user requests a work object form based on the harness or flow action rule (and the when condition, if not blank, evaluates to true) and to add an instance to the Log-DataAccessAudit class. You can modify this activity or create a similar one in your work class to meet the needs of your application. For example, you can choose to record a role other than the default Customer or add other facts about the work object. Your activity should use the Obj-Save method with WriteNow enabled to ensure that logging occurs even when the work object is displayed but not updated.
- If you build an activity that uses input parameters, click Params to provide values for each parameter.
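Once auditing is enabled, the exported records can be checked for form displays by operators who are not entitled to the work object. The following Python code is an added example, not part of the product or of the original article; the column names, the sample rows and the entitlement map are constructed assumptions, not the actual Log-DataAccessAudit property names.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not the
# actual Log-DataAccessAudit property names.
SAMPLE_EXPORT = """operator_id,rule_name,party_role,work_object_id
alice@example.com,Work-.Review,Customer,W-1001
bob@example.com,Work-.Review,Customer,W-1001
bob@example.com,Work-.Perform,Customer,W-1002
carol@example.com,Work-.Review,,W-1003
bob@example.com,Work-.Review,Customer,W-1001
"""

# Constructed entitlement data: which operators may view each work object.
# In practice this would come from assignment or access-group records.
AUTHORIZED = {
    "W-1001": {"alice@example.com"},
    "W-1002": {"bob@example.com"},
    "W-1003": {"carol@example.com", "alice@example.com"},
}


def find_unauthorized(export_text, authorized):
    """Return {(operator, work_object): [rule names]} for unentitled views."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        operator = row["operator_id"].strip().lower()
        work_id = row["work_object_id"].strip()
        # A work object missing from the entitlement data is treated as
        # unauthorized for everyone, so gaps surface instead of passing.
        if operator not in authorized.get(work_id, set()):
            findings[(operator, work_id)].append(row["rule_name"])
    return dict(findings)


if __name__ == "__main__":
    hits = find_unauthorized(SAMPLE_EXPORT, AUTHORIZED)
    for (operator, work_id), rules in hits.items():
        print(f"{operator} displayed {work_id} {len(rules)}x via {sorted(set(rules))}")
```

Because the audit record is written when the form is displayed, repeated views by the same operator appear as repeated rows, which the example keeps as a count per operator and work object.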