Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Logging each use of harness and flow action rules

Updated on June 30, 2021

Your application can create an audit record each time an operator requests either a harness form or a flow action.

Logging occurs upon initial display of the form; it does not require that the user update any fields. Your application adds a data instance to the pr_log_dataacessaudit table (corresponding to the Log-DataAccessAudit class). The instance identifies the following:

  • Operator ID

  • Harness rule or flow action rule instance

  • Customer work party role (if any)

  • Work object ID

This information enables you to support compliance auditing, reporting, and analysis. From a security standpoint, this feature lets you identify instances of unauthorized operator access to specific work objects. You can create list view rules and summary rules to report on the table instances, or export the data for analysis. This article describes how you enable the data access capability.

Enable this feature only if it is needed. Auditing increases the database workload of your application and can produce large volumes of log data.

To set the audit rule access, complete the following procedure:

  1. Open the Display Options tab on the harness rule form, or the Security tab on the flow action form.
  2. In the Auditing section, select the Audit Use? checkbox.
    Result: The When field and Audit Activity field (containing the default value Audit) appear.
  3. Select a when condition rule in the When field.
    The rule is evaluated each time a user displays a work object form based on this harness or flow action rule. This when condition operates in conjunction with the activity in the Audit Activity field. If the when rule evaluates to true or there is no when rule, the activity is executed.
    For example: You can configure a rule that evaluates the DeptName property on the clipboard for the value Finance. If true, the audit activity is invoked.
  4. By default, the standard activity Work-.Audit is entered in the Audit Activity field. This activity is configured to run when a user requests a work object form based on the harness or flow action rule (and the when condition, if not blank, evaluates to true) and to add an instance to the Log-DataAccessAudit class. You can modify this activity or create a similar one in your work class to meet the needs of your application. For example, you can choose to record a role other than the default Customer or add other facts about the work object. Your activity should use the Obj-Save method with WriteNow enabled to ensure that logging occurs even when the work object is displayed but not updated.
  5. If you build an activity that uses input parameters, click Params to provide values for each parameter.
    Result: The system automatically completes the following four parameter values; you do not need to complete them:
    • pyRuleKey — Handle (pzInsKey) of this harness rule.

    • pyRuleClass — Rule-HTML-Harness

    • pyRuleAppliesToClass — The Applies To key part of this harness rule

    • pyRulePurpose — The Action Name key part of this harness rule.

  • Previous topic Monitoring security alerts and events
  • Next topic Mitigate common (OWASP Top 10) security vulnerabilities

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us