Auditing
This section discusses how to set up the auditing functionality in your system.
OverviewDefines auditing and explains how the Auditing module works.
Planning AuditingDescribes what to consider before performing an audit.
Setting Up AuditingDescribes the requirements for configuring auditing for databases, importing policies, enabling auditing for specific areas, and generating audit reports.
Setting Up Archive DatabaseDescribes how to set up archive databases, connections, report on them, and customize archive/load scripts.
Generating Audit Trail ReportsExplains how to generate reports against application and archive databases.
Exporting Audit PolicyExplains how to export audit policies using Audit Policy Export.
Disabling AuditingExplains how and why to disable auditing.
Overview
Auditing is the process of evaluating an organization’s practices for safeguarding electronic information from loss, damage, unintended disclosure, or denial of availability. It is one of the essential factors in providing a secure application and in meeting mandatory regulatory compliance.
The system’s Auditing capability integrates with the Progress OpenEdge Auditing capability in Progress OpenEdge 10. Refer to the Progress documentation for additional information about the Auditing capability in Progress and about the Progress Data Administration utility.
With QAD’s Auditing module, you can configure your system to maintain audit trails. Audit-trail records are created and stored in audit trail tables. They contain facts about changes made in the databases. A typical audit record includes information that helps you identify who made a change, which program made the change, when the change was made, and what the change was. You can set up these functions for all tables or you can limit the audit trail recording activity to specific tables.
The Auditing module adds value to the Progress OpenEdge Auditing capability by including:
• A user interface that allows you to enable and disable auditing at the table level with reusable defaults. This function is more straightforward than the audit policy maintenance function provided by Progress.
• A default audit policy. QAD’s default policy includes configuration of identifying fields of tables in QAD’s main database. With the default policy, users can easily identify changed records according to the content of the audit trail.
• Reports that perform better and are easier to use than the default Progress reports.
• The ability to trace the user who made the changes through the QAD architecture.
• Import/export policies to allow users to set up audit policy in one database and enforce it in other databases by exporting and importing the policy. This prevents having to repeat the setup for each database—reducing errors and ensuring that all company databases are using the same policy.
An Enhanced Controls license is required to use Auditing. Various OpenEdge utilities must also be run and data administration options set to enable particular databases for auditing.
Warning Importing policies of your own into the system or using Progress tools to change QAD’s default policy may cause conflicts on policy configuration. These activities are not recommended.
Below is a list of menus and programs for the new auditing module.
Auditing Module Menus and Programs
|
Number
|
Menu Label
|
Program
|
|
36.12.1
|
Audit Trail Report–App DB
|
atapprp.p
|
|
36.12.2
|
Audit Trail Report–Arc DB
|
atarcrp.p
|
|
36.12.13
|
Audit Trail Setup Menu
|
|
|
36.12.13.1
|
Audit Policy Import
|
atplimp.p
|
|
36.12.13.2
|
Audit Policy Export
|
atplexp.p
|
|
36.12.13.5
|
Audit Configuration Maintenance
|
atplmt.p
|
|
36.12.13.6
|
Audit Configuration Report
|
atplrpt.p
|
|
36.12.13.11
|
Audit DB Maintenance
|
atdbmt.p
|
|
36.12.13.12
|
Audit DB Report
|
atdbrp.p
|