User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

Setting up Auditing

RDM allows auditing user actions in the web application and logging them to a text file.

Prerequisite

Before setting up auditing, ensure Auditing is enabled in App Variables.

Enable auditing

Auditing node

Auditing in configured in the Auditing node with the following configuration fields:

Name Required Description

File

Y

Logging file name pattern. Both absolute and relative paths can be used (the path is relative to the folder from which the web server is started).

The following special characters can be used in the file name pattern:

  • / - Local pathname separator.

  • %t - System temporary directory.

  • %h - Value of the user.home system property.

  • %g - Generation number to distinguish rotated logs.

  • %u - A unique number to resolve naming conflicts.

  • %% - Translates to a single percent sign (%).

File Size Limit

Y

The maximum file size in bytes before the log is rotated.

Number of files

Y

Total number of log files to keep.

Append

N

If set to true, the log records are appended to the log file.

Data read

N

A user opens a table or record details, refreshes table contents by applying a filter, and so on.

Data modification

N

A user creates, edits, deletes, sends to publish, or publishes a record.

Data export

N

A user exports data (bulk export or dump).

Security modification

N

Permissions are changed.

Workflow action

N

A record goes through a workflow state.

System event

N

User login or logout.

Configuration example

Sample auditing configuration

Full list of auditable actions

Data read

Action code Description

READ_TABLES_CHANGES

A user reads the Change Log.

READ_ENTITY_DESCRIPTION

A user selects the Description option.

FIND_ROWS

A user opens a table.

FIND_ROW_DETAIL

A user opens record details.

Data read examples
/* action logged when a user opens a table to see the content of the table (the same information is logged whenever user refreshes the content of the table, e.g., applies a filter, etc.): */
Aug 24, 2015 5:06:28 PM [Data read][FIND_ROWS]
INFO: {"ATTRIBUTES":{"Filter":{},"Count":30,"Offset":0,"EntityName":"PRODUCTS"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"FIND_ROWS","DATE":"Mon Aug 24 17:06:28 CEST 2015","TYPE":"Data read","USER":"alice"}

/* action logged when a user clicks on the "Description" link */
Aug 24, 2015 5:06:27 PM [Data read][READ_ENTITY_DESCRIPTION]
INFO: {"ATTRIBUTES":{"EntityName":"PRODUCTS"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"READ_ENTITY_DESCRIPTION","DATE":"Mon Aug 24 17:06:27 CEST 2015","TYPE":"Data read","USER":"alice"}

/*action logged when a user opens a record detail */
Aug 24, 2015 5:19:54 PM [Data read][FIND_ROW_DETAIL]
INFO: {"ATTRIBUTES":{"RowId":2,"EntityName":"PRODUCTS"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"FIND_ROW_DETAIL","DATE":"Mon Aug 24 17:19:54 CEST 2015","TYPE":"Data read","USER":"alice"}

Data modification

Action code Description

MODIFY_TABLES_REJECT_ROWS

A user rejects record publishing.

MODIFY_MOVE_WORKFLOW_EXPIRED_ROWS

A record moves to a different workflow state after staying untouched for longer than the configured maximum number of days.

MODIFY_IMPORT_TABLES

A user imports data via Load from dump.

MODIFY_TABLES_CONFIRM_ROWS

A user publishes changes to a record.

MODIFY_RETURN_TO_EDIT

A user selects Return to edit on a record with unpublished changes.

MODIFY_MOVE_TO_CONFIRMATION

A user selects Move to publish on a record with unpublished changes.

MODIFY_DELETE_ROWS

A user deletes a record.

MODIFY_UNDO

A user selects Undo on a record with unpublished changes.

MODIFY_CREATE_ROW

A user creates a record.

MODIFY_EDIT_ROW

A user edits a record.

IMPORT_DATA

A user imports data via Bulk Import or an import plan using the RDM Importer step.

Data modification examples
/* action logged when a user edits a record */
Aug 24, 2015 5:26:12 PM [Data modification][MODIFY_EDIT_ROW]
INFO: {"ATTRIBUTES":{"Recursive":false,"RowId":2,"EntityName":"PRODUCT_TYPE"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"MODIFY_EDIT_ROW","DATE":"Mon Aug 24 17:26:12 CEST 2015","TYPE":"Data modification","USER":"alice"}

/* action logged when a user clicks Undo (e.g., after editing a record) */
Aug 24, 2015 5:22:47 PM [Data modification][MODIFY_UNDO]
INFO: {"ATTRIBUTES":{"Filter":{"IDS_IN":"(7)"},"EntityName":"PRODUCT_TYPE"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"MODIFY_UNDO","DATE":"Mon Aug 24 17:22:47 CEST 2015","TYPE":"Data modification","USER":"alice"}

/* action logged when a user moves a record into the confirmation state (moves to publish) */
Aug 24, 2015 5:24:47 PM [Data modification][MODIFY_MOVE_TO_CONFIRMATION]
INFO: {"ATTRIBUTES":{"Filter":{"IDS_IN":"(3)"},"EntityName":"PRODUCT_TYPE"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"MODIFY_MOVE_TO_CONFIRMATION","DATE":"Mon Aug 24 17:24:47 CEST 2015","TYPE":"Data modification","USER":"alice"}

Data export

Action code Description

EXPORT_TAGS

A user creates a dump.

EXPORT_ENTITY

A user exports table data via Bulk Export.

RDM_SYNCHRONIZE_EXPORT

A synchronization plan is run.

Data export examples
/* action logged when a user exports data from a table */
Aug 24, 2015 5:21:09 PM [Data export][EXPORT_ENTITY]
INFO: {"ATTRIBUTES":{"Filter":{},"ExportType":"LABELS","EntityName":"PRODUCTS"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"EXPORT_ENTITY","DATE":"Mon Aug 24 17:21:09 CEST 2015","TYPE":"Data export","USER":"alice"}

Security modification

Action code Description

SEC_DELETE_ROLES

A role is deleted.

SEC_CREATE_ROLE

A role is created.

SEC_ASSIGN_ROLES_TO_USER

A role is assigned to a user.

SEC_REMOVE_ROLES_FROM_USER

A role is removed from a user.

SEC_ASSIGN_ROLE_TO_ENTITY

A role is given permissions on a table.

SEC_REMOVE_ROLE_FROM_ENTITY

A role has table permissions removed.

SEC_ASSIGN_ROLE_TO_COLUMN

A role is given permissions on a column.

SEC_REMOVE_ROLE_FROM_COLUMN

A role has column permissions removed.

Security modification examples
/* logged when a user assigns view (read only) permission to role RDM_ADMIN on table PRODUCT_TYPE */
Aug 24, 2015 5:27:53 PM [Security modification][SEC_ASSIGN_ROLE_TO_ENTITY]
INFO: {"ATTRIBUTES":{"RoleType":"V","Role":["RDM_ADMIN"],"EntityName":"PRODUCT_TYPE"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"SEC_ASSIGN_ROLE_TO_ENTITY","DATE":"Mon Aug 24 17:27:53 CEST 2015","TYPE":"Security modification","USER":"alice"}

/* logged when a user assigns view(read only) permission to role RDM_ADMIN on column DESCRIPTION on table PRODUCT_TYPE */
Aug 24, 2015 5:28:05 PM [Security modification][SEC_ASSIGN_ROLE_TO_COLUMN]
INFO: {"ATTRIBUTES":{"Columns":["DESCRIPTION"],"RoleType":"V","Role":"RDM_ADMIN","EntityName":"PRODUCT_TYPE"},"REMOTE_ADDR":"172.16.10.116","OPERATION":"SEC_ASSIGN_ROLE_TO_COLUMN","DATE":"Mon Aug 24 17:32:41 CEST 2015","TYPE":"Security modification","USER":"alice"}

Workflow action

Action code Description

WF_STATE_CHANGE

A record is moved to a different workflow state.

Workflow action example
/* logged when a user moves a record within a workflow */
Aug 25, 2015 9:14:18 AM [Workflow action][WF_STATE_CHANGE]
INFO: {"ATTRIBUTES":{"WfAction":"APPROVE","WfSystemFields":{"load_from":"2015-05-25 00:00:00.0","dwh_column":"true"},"Comment":{},"RowId":196,"EntityName":"BRANCH"},"REMOTE_ADDR":"127.0.0.1","OPERATION":"WF_STATE_CHANGE","DATE":"Tue Aug 25 09:14:18 CEST 2015","TYPE":"Workflow action","USER":"alice"}

System event

Action code Description

USER_LOGON

A user logs in.

USER_LOGOUT

A user logs out.

System event examples
/* logged when a user is logged in */
Aug 24, 2015 5:02:22 PM [System event][USER_LOGON]
INFO: {"REMOTE_ADDR":"172.16.10.116","OPERATION":"USER_LOGON","DATE":"Mon Aug 24 17:02:22 CEST 2015","TYPE":"System event","USER":"alice"}

/* logged when the user logged out */
Aug 24, 2015 5:05:43 PM [System event][USER_LOGOUT]
INFO: {"REMOTE_ADDR":"172.16.10.116","OPERATION":"USER_LOGOUT","DATE":"Mon Aug 24 17:05:43 CEST 2015","TYPE":"System event","USER":"alice"}

Was this page useful?