The database change tracking process allows us to track changes to records or fields on the records, including who made the change. It's also integrated in the electronic signature feature.
Database change tracking will add load to the AX and SQL servers, so we should only log what is required. It is typically used for compliance management, and there are a few standard items that are often tracked:
- Supplier's bank accounts, especially if electronic banking is used
- Customer credit limits
- Customer credit card changes—be careful of the credit card number compliance (for example, PCI compliance)
- Customer price groups
- BOM approvals
- Route approvals
Tip
Tracking doesn't necessarily prove that an individual actually made the change, but just that it was made under their user login. It is possible that someone else could have used their computer. To ensure that the key audit data is tracked against the actual user who made the change, you should use the electronic signature feature.
You should check with your legal department that the data you intend to track complies with the data protection and retention policies.
To configure database change tracking, follow these steps:
- Navigate to System administration | Setup | Database | Database log setup.
- On the Database log setup form, click on New.
- On the Logging database changes wizard form, click on Next.
- Expand the group where the table resides (for example,
CustTablewill be within General ledger). The tables will be displayed by their label and not by their name. So,CustTablewill be shown as Customers, as seen in the following screenshot:
- Mark each table and/or fields (which show the actual field names and not the labels) within each table that should be tracked and click on Next.
- On the Types of change tab, you can check the changes you wish to track. The fields are now displayed as their field labels as shown in the following screenshot:
- Once you have completed this, click on Next.
- On the final page, review the changes and click on Finish.
The tracking process operates at the kernel level, which means no X++ code is executed, and cannot be modified in the development environment, which is by design.
As the xRecord (base class for all tables) object is updated, the system checks the rules in
Database log setup and writes a log of the current and previous values, as configured.
The log values can then be viewed in the Database log (located in System
administration | Inquiries | Database).
You can delete all but the signed records from the log. You should, therefore, ensure that the access to this table is considered as part of your security design.
As stated earlier, the tracking of the change only proves that the change was done by the logged on user account. To ensure that the change was done by a specific person, electronic signatures should be used.
The electronic signature has built-in support for BOM, Route, and work order approvals; but you can specify most of the fields in AX to require a signature.
In this example, we will enforce that the signature is required for the Credit limit field on the Customer form.
- Open the form by navigating to Organization administration | Setup | Electronic Signature | Electronic signature parameters. The form is as shown in the following screenshot:
- Enter a general notice in the Notice field that will appear for all the items requiring a signature. Use the Translations button if you are operating in multiple languages.
- Check Require comments if you want all the signatures to have a user comment about the change.
- If you wish the form to automatically close after a number of seconds (for example, 30 seconds), use the Signature timeout field. I would recommend this, as the record is locked while the form is open.
- If you require an alert, select the user account from the Signature alert recipient field.
- Close the form.
- Open another form by navigating to Organization administration | Setup | Electronic Signature | Electronic signature requirements.
- Click on New.
- Enter a name (for example, Customer Credit Limit for the signature) and click on Properties.
- Select or enter the table name (for example,
CustTablefor the Customers table). - Select or enter the field name (for example,
CreditMaxfor the credit limit).
- The system will automatically select When a record is updated:. This is the only choice, so leave this checked and click on OK.
- Check Signature required on the Electronic signature requirements form and close the form.
- Any user who updates a record and requires a signature must create a signature for themselves. This is done from the User Options form by navigating to File | Tools | Options.
- On the General tab, navigate to Electronic Signature | Get
- Enter Password and Repeat password as requested and click on OK.
- If you wish to act as a designated approver for another user, use the Designate approver option.
- Close the User Options form.
When a user tries to change the credit limit of a customer, they are shown the following confirmation form:
After clicking on OK, they are asked to enter their Password, as shown in the following screenshot:
To review the database log entries, including the signature log, open the Database log form from System administration | Inquiries | Database.
For all the tables that track electronic signatures, the Signature Review button will be enabled. The following screenshot is an example of a change to Credit Limit, from the example used in this recipe:
