User-based auditing
The Infor Landmark system enables easier examination and analysis of user activity, including changes made and data viewed, over a specific time period across the entire product. You can accomplish this function by storing user-based audit log header entries and user-based view log entries in the AuditLogEntry business class. The key fields that are stored enable you to locate specific records if necessary.
These are the user actions that are logged:
- Audited business classes
- Online user transactions
- Infor Spreadsheet Designer transactions
- Creating a PDF or CSV document
- Web service transactions
- User's viewed list or form
These are the user actions that are not logged:
- Non-audited business classes
- Batch transactions
- Select action
- Paging on a list
Note: Paging a list creates an entry only on the first access.
When the AuditLogEntry business class has been populated, you can view its contents in these ways:
- The Audit Entries form in the Administration Console. This form shows the list of audit entries. Note that searches with this form may be slow. You can use the Instance Selection field to obtain the keys to single record views. On the Audit Entries List, you can use the View Source action to redirect to the list that is on the entry or to a form for the record that created the entry, if the record still exists.
- The Change Analysis and View Analysis forms in the Administration Console. These forms provide multiple ways to search for and view audit entries. For viewing the base audit log entries sections, replication to columnar is not required. However, to use dashboards, master views, and console views in the reports, analytics, and metrics sections, you must replicate the AuditLogEntry business class to a columnar table.
See Reports, analytics, and metrics.
When setting up the replication set for the AuditLogEntry business class, you must select the Enable Indicator Replication check box and select the indicator field to use.See Implementing Columnar Tables.
Note: The Landmark applications include delivered replication sets designed for replicating the AuditLogEntry business class to columnar or to the Infor Data Lake. - The Infor Data Lake. To view audit log entries in the Infor Data Lake, you must use data replication of the AuditLogEntry business class to that repository. When setting up the replication set for the AuditLogEntry business class, you must select the Enable Indicator Replication check box and select the indicator field to use. If you are replicating the AuditLogEntry business class to both the Infor Data Lake and a Columnar table, you must use a different indicator field for the different replication sets.
- Standard database tools.
To optimize performance and reduce data storage costs, AuditLogEntry records are purged regularly. A maintenance request is delivered for each data area every week to automatically remove older records. Retention periods vary by record type:
- Framework type records are purged after 180 days.
- Non-Framework type records are purged after 30 days or immediately if fully archived.
To implement user-based auditing, you can use several configuration parameters in the AuditLogEntry category or component. All of these are set in the tenant environment data area.
This table shows the configuration parameters that you can use for user-based auditing:
| Component | Parameter key | Description |
|---|---|---|
| AuditLogEntry | CreateAuditLogEntryRecords | If set to true, the AuditLogEntry business class is created and populated with the key fields for audit log entries that are for online user transactions and Infor Spreadsheet Designer web service transactions. Although you set this parameter only in the environment data area, a separate AuditLogEntry business class is created in each data area. |
| AuditLogEntry | CreateViewLogEntryRecords | If set to true, the AuditLogEntry business class is created and populated with the key fields for audit log entries that are for user-viewed lists and forms. To create audit log entries from web service calls, include &_clientType=UI in the URL. Although you set this parameter only in the environment data area, a separate AuditLogEntry business class is created in each data area. |
| AuditLogEntry | IncludeListFormFieldsViewed | If set to true, the default behavior is changed for the CreateViewLogEntryRecords parameter. The default behavior for that parameter is to not include the list of fields unless the form or list name is not available, which can occur if the form or list is accessed programmatically. The IncludeListFormFieldsViewed parameter enables you to include the list of fields whether the form or list name is available or not. |
| AuditLogEntry | IncludeNonListFormFieldsViewed | If set to false, the default behavior is changed for the CreateViewLogEntryRecords parameter. The default behavior for that parameter is to include the list of fields when the form or list name is not available, which can occur if the form or list is accessed programmatically. The IncludeNonListFormFieldsViewed parameter enables you to exclude the list of fields whether the form or list name is available or not. |
| AuditLogEntry | AuditLogEntryActions |
If set to false, the creation of AuditLogEntry records is disabled for framework business classes, including those used for Configuration Console, security, and replication sets. The default value is true. Framework business classes are audited by default unless turned off by using this parameter. |
| AuditLogEntry | DisableActionRedirect | If set to true, users are prevented from using the View Source option to be redirected to the list associated with an entry or to a form of the record that created the entry. |