Configuring database change tracking

The database change tracking process allows us to track changes to records or fields on the records, including who made the change. It's also integrated in the electronic signature feature.

Database change tracking will add load to the AX and SQL servers, so we should only log what is required. It is typically used for compliance management, and there are a few standard items that are often tracked:

  • Supplier's bank accounts, especially if electronic banking is used
  • Customer credit limits
  • Customer credit card changes—be careful of the credit card number compliance (for example, PCI compliance)
  • Customer price groups
  • BOM approvals
  • Route approvals

Tip

Tracking doesn't necessarily prove that an individual actually made the change, but just that it was made under their user login. It is possible that someone else could have used their computer. To ensure that the key audit data is tracked against the actual user who made the change, you should use the electronic signature feature.

You should check with your legal department that the data you intend to track complies with the data protection and retention policies.

Getting ready

Launch AX with an account with system administrator privileges.

How to do it...

To configure database change tracking, follow these steps:

  1. Navigate to System administration | Setup | Database | Database log setup.
  2. On the Database log setup form, click on New.
  3. On the Logging database changes wizard form, click on Next.

    Note

    The system will now build a list of main tables, which are grouped by their configuration keys.

  4. Expand the group where the table resides (for example, CustTable will be within General ledger). The tables will be displayed by their label and not by their name. So, CustTable will be shown as Customers, as seen in the following screenshot:
    How to do it...

    Note

    If the table you wish to log is not present in this list, click on Show all tables.

  5. Mark each table and/or fields (which show the actual field names and not the labels) within each table that should be tracked and click on Next.

    Note

    If you wish to track the insertions, customer's deletions, and specific changes to the credit limit, rating, and bank account, you should check Customers, Bank account, Credit limit, and Credit rating.

  6. On the Types of change tab, you can check the changes you wish to track. The fields are now displayed as their field labels as shown in the following screenshot:
    How to do it...

    Note

    You can choose between tracking the changes for all fields by checking at the table level or just the fields selected in the earlier step. Wherever possible, do this at the field level; otherwise, a lot of unnecessary data is stored and adds workload to the system.

  7. Once you have completed this, click on Next.
  8. On the final page, review the changes and click on Finish.

How it works...

The tracking process operates at the kernel level, which means no X++ code is executed, and cannot be modified in the development environment, which is by design.

As the xRecord (base class for all tables) object is updated, the system checks the rules in Database log setup and writes a log of the current and previous values, as configured.

The log values can then be viewed in the Database log (located in System administration | Inquiries | Database).

You can delete all but the signed records from the log. You should, therefore, ensure that the access to this table is considered as part of your security design.

There's more...

As stated earlier, the tracking of the change only proves that the change was done by the logged on user account. To ensure that the change was done by a specific person, electronic signatures should be used.

The electronic signature has built-in support for BOM, Route, and work order approvals; but you can specify most of the fields in AX to require a signature.

In this example, we will enforce that the signature is required for the Credit limit field on the Customer form.

  1. Open the form by navigating to Organization administration | Setup | Electronic Signature | Electronic signature parameters. The form is as shown in the following screenshot:
    There's more...
  2. Enter a general notice in the Notice field that will appear for all the items requiring a signature. Use the Translations button if you are operating in multiple languages.
  3. Check Require comments if you want all the signatures to have a user comment about the change.
  4. If you wish the form to automatically close after a number of seconds (for example, 30 seconds), use the Signature timeout field. I would recommend this, as the record is locked while the form is open.

    Note

    When we make a necessary change, AX will display a form asking for our electronic signature and abort it once the time-out is reached.

  5. If you require an alert, select the user account from the Signature alert recipient field.
  6. Close the form.
  7. Open another form by navigating to Organization administration | Setup | Electronic Signature | Electronic signature requirements.
  8. Click on New.
  9. Enter a name (for example, Customer Credit Limit for the signature) and click on Properties.
  10. Select or enter the table name (for example, CustTable for the Customers table).
  11. Select or enter the field name (for example, CreditMax for the credit limit).
    There's more...

    Note

    You will notice that some fields are disabled once a field is selected. The signature can be used to track table insertions and deletions, but this should be used carefully and only on key data (for example, vendors' bank account data).

  12. The system will automatically select When a record is updated:. This is the only choice, so leave this checked and click on OK.
  13. Check Signature required on the Electronic signature requirements form and close the form.

    Note

    The database log setup record for credit limit will be marked with Signature controlled. You will not be able to delete the database log entries that are signature controlled. These records can still be deleted from within the SQL Server and must be considered in the security design.

  14. Any user who updates a record and requires a signature must create a signature for themselves. This is done from the User Options form by navigating to File | Tools | Options.
  15. On the General tab, navigate to Electronic Signature | Get Certificate and a dialog box appears, as shown in the following screenshot:
    There's more...
  16. Enter Password and Repeat password as requested and click on OK.

    Note

    This password must be compliant with your Windows password policy requirements; otherwise, the following error message is shown:

    Password validation failed. The password does not meet Windows policy requirements because it is not complex enough.

  17. If you wish to act as a designated approver for another user, use the Designate approver option.
  18. Close the User Options form.

    Note

    For the change to be effective, all users must reopen their AX clients; given the importance of the change, you should schedule an AOS restart to ensure all the users have logged out of AX.

When a user tries to change the credit limit of a customer, they are shown the following confirmation form:

There's more...

After clicking on OK, they are asked to enter their Password, as shown in the following screenshot:

There's more...

To review the database log entries, including the signature log, open the Database log form from System administration | Inquiries | Database.

For all the tables that track electronic signatures, the Signature Review button will be enabled. The following screenshot is an example of a change to Credit Limit, from the example used in this recipe:

There's more...
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.109.75