Pega Platform maintains a historical record of changes to certain data classes and rule types. You can use this history to diagnose system issues and to demonstrate compliance to internal and external auditors.
For example, you can record the application rule name that is referenced in an access group each time a user updates the Access Group form and adds, changes, or deletes an application rule name.
The security audit capability supports change auditing for sensitive fields on selected rule or data objects.
The details of each change are displayed in the History Details section and are summarized in several standard reports.
When enabled, each save operation on a rule instance or data instance (whether through a form or through an activity) triggers a standard activity. The activity compares the current values of the tracked properties with their previous values, and writes a history detail instance for each value that was added, deleted, or updated.
The history detail identifies the following items:
- The property name
- The values added (if any are added)
- Changed values (the from value and the to value) (if any change)
- The deleted values (if any are deleted)
For aggregate properties, the history detail identifies the following items:
- Two entries when a value is changed: one entry about deleting the prior value and another about adding the new value.
- Only one level of nested PageList mode properties, because only one level is supported. Nested PageGroup mode properties are not supported.
The system saves rule changes as an instance of the History-Rule class. Changes to data instances are saved in an instance of a subclass of the History-Data- class. For example, the system records changes to access groups ( Data-Admin-Operator-AccessGroup ) in instances of the History-Data-Admin-Operator-AccessGroup class.
- Auditing field-level changes to security rule and data instances
By simply creating a model and a trigger rule, you can generate history memos that automatically audit field-level changes to both rules and data instances. For example, you can create a model and trigger that will track changes to user RuleSet lists in an access group. Pega Platform™ also provides preconfigured reports to collectively view the history data.
- Extending the security auditing feature to record changes to additional properties
Pega Platform auditing can be extended to other properties such as a Page List and a Single Value property.