Removing audit data

Removing audit data requires caution, with separate deletion rules in place for _PRD and non-_PRD tenants to safeguard information.

  • For non-_PRD tenants, the delete FAT data IFS role is needed.
  • For _PRD tenants, FAT data removal is managed through three IFS roles in addition to the delete FAT data role, with two user actions needed to complete the configuration.

Remove audit data for non-_PRD tenants

  1. On the Business Engine Field Audit Trail page, select an audit in the Audits table.
  2. Click Remove Data.
    A security role M3BE-FATAdmin-DeleteData is required for this step.
  3. Select Limit from the list.
  4. Click Save.
    • The All data Limit option removes all data with exception of latest 24h.
    • The 1 – 30 year Limit option removes all data older than selected value .
  5. In the confirmation dialog box, click Yes to confirm delete of selected audit data.
  6. An information message is displayed informing that delete audit data is in progress. Click OK. Use the Remove Data jobs option to monitor progress and view related logs.

Managing Tokens

Use the Manage Tokens tab to create or revoke tokens for _PRD tenants. The Manage Tokens tab is only available to users logged in with either of the following roles on a _PRD tenant:
  • M3BE-FATAdmin-PRD-DeleteDataToken
  • M3BE-FATAdmin-PRD-UpperLimitRuleToken
  1. On the Manage Tokens tab, a list of existing tokens is displayed.
  2. To refresh the list, click Refresh.
  3. To revoke one or more tokens, select the tokens from the list and click Revoke, then click OK.
  4. To create a new token, click Create and specify these information:
    Token type
    Select set upper limit from the list to create an Upper Limit Rule Token.
    Select delete audit data from the list to create a Delete Audit Data Token.
    Limit
    Select an option from the list.
    Note: The Limit field is visible only when Set Upper Limit is selected from the Token type list.
    Expiration time
    Specify the validity period of the token. The maximum length is 90 days.
  5. Click Create.
  6. Download the token and password.
    Note: This is the only time the token and password are available.

Create Upper Limit Rule Token

Before configuring the Upper Limit, an Upper Limit Rule Token must be created.

Use the Manage Tokens tab to create the token. This tab is available only to users logged in with the role FATAdmin-PRD-UpperLimitRuleToken on a _PRD tenant.

For detailed steps, see Managing Tokens.

Configuring Upper Limit

Use this procedure to define and approve the maximum retention period for audit data deletion.

The upper limit determines how old data must be before it can be removed from the database. This setting is required when generating a Delete Audit Data token for _PRD tenants.

To configure the upper limit, an upper limit rule token must first be created. The configuration must then be approved by another user to make it active.

The security role M3BE-FATAdmin-PRD-ConfigureUpperLimit is required to configure the upper limit. The Configure Upper Limit button is only visible if you are connected to this role.

  1. On the Business Engine Field Audit Trail page, click Configure Upper Limit.
  2. Specify the valid token and password.
  3. Click Submit.
  4. Click Approve.
  5. Click OK.

Create delete data token for _PRD Tenants

Before audit data can be removed from a _PRD tenant, a Delete Audit Data token must be created.

Use the Manage Tokens tab to create the token. This tab is available only to users logged in with the role M3BE-FATAdmin-PRD-DeleteDataToken on a _PRD tenant.

For detailed steps, see Managing Tokens.

Removing Audit Data for a _PRD Tenant

Removal of FAT data for a _PRD Tenant should be done with care, to safeguard actions from at least two different users is required. Step one is to configure upper limit for the Tenant, that is how much FAT data should be deleted/kept, this is typically done once for a Tenant and setting depends on audit rules that a certain customer must meet.

  1. Configure upper limit, this requires two different users. see separate section .
    See Managing Tokens.
    Note: This step is typically done once for a Tenant.
  2. Create a delete audit data token, see separate section
    See Managing Tokens.
    Note: User that create delete token cannot use it to remove FAT data
  3. On the Business Engine Field Audit Trail page, select an audit in the Audits table.
  4. Click Remove Data.
    Note: M3BE-FATAdmin-DeleteData security role is required.
  5. Insert delete token and password.
  6. Click Submit.
  7. The Limit set for tenant is displayed. For example, 20 years means that all FAT data older than 20 years are removed. Click Save if the Limit meets expectation.
  8. Click Yes on the dialog box to confirm the selected audit data for deletion.
  9. An information message is displayed informing that delete audit data is in progress. Click OK.
  10. Use the Remove Data jobs option to monitor progress and view related logs.

Viewing removed data jobs

Use this view to monitor and manage data deletion jobs.

You can view the status of each job and verify how many records were removed. When a job is completed, you can download a log file containing information about the deleted data.

A M3BE-FATAdmin-DeleteData security role is required for this procedure. The Remove Data Jobs button is only enabled if you are connected to this role.

  1. On the Business Engine Field Audit Trail page, click Remove Data Jobs .
  2. To download the log for a specific remove data job, click the download icon in the Download log column for the job.
  3. To cancel a remove data job, select the job from the list and click Abort.
    You can only cancel a job with a status of PENDING.
  4. To refresh the list of remove data jobs, click Refresh.