Logging each use of harness and flow action rules
Your application can create an audit record each time an operator requests either a harness form or a flow action.
Logging occurs upon initial display of the form; it does not require that the user update any fields. Your application adds a data instance to the pr_log_dataacessaudit table (corresponding to the Log-DataAccessAudit class). The instance identifies the following:
- Harness rule or flow action rule instance
- Customer work party role (if any)
- Work object ID
This information enables you to support compliance auditing, reporting, and analysis. From a security standpoint, this feature lets you identify instances of unauthorized operator access to specific work objects. You can create list view rules and summary rules to report on the table instances, or export the data for analysis. This article describes how you enable the data access capability.
Enable this feature only if it is needed. Auditing increases the database workload of your application and can produce large volumes of log data.
To set the audit rule access, complete the following procedure:
- Open the Display Options tab on the harness rule form, or the Security tab on the flow action form.
- In the Auditing section, select the Audit
Result: The When field and Audit Activity field (containing the default value
- Select a when condition rule in the When field. The rule is evaluated each time a user displays a work object form based on this harness or flow action rule. This when condition operates in conjunction with the activity in the Audit Activity field. If the when rule evaluates to true or there is no when rule, the activity is executed.
  For example: You can configure a rule that evaluates the DeptName property on the clipboard for the value Finance. If true, the audit activity is invoked.
- By default, the standard activity Work-.Audit is entered in the Audit Activity field. This activity is configured to run when a user requests a work object form based on the harness or flow action rule (and the when condition, if not blank, evaluates to true) and to add an instance to the Log-DataAccessAudit class. You can modify this activity or create a similar one in your work class to meet the needs of your application. For example, you can choose to record a role other than the default Customer or add other facts about the work object. Your activity should have WriteNow enabled to ensure that logging occurs even when the work object is displayed but not updated.
- If you build an activity that uses input parameters, click Params to provide values for each parameter.
  Result: The system automatically completes the following four parameter values; you do not need to complete them:
  - pyRuleKey — Handle (pzInsKey) of this harness rule.
  - pyRuleClass — Rule-HTML-Harness
  - pyRuleAppliesToClass — The Applies To keypart of this harness rule
  - pyRulePurpose — The Action Name keypart of this harness rule.