Audit Managements
Teamcenter has transformed the way data is tracked in PLM environment: Who caused? What changed? And When?
As PLM expands its scope across the extended enterprise the need for not only securing data, but also for tracking what happened to data becomes increasingly important!!!
To keep control of your valuable product knowledge, you need to know what information is being changed and by whom, and in some cases, simply who is accessing it.
• What is Audit Log?
Any activity information stored or recorded for future references is called audit data or audit log.
More precisely, capturing the information about who has perform (user) what action (modify, delete, CICO, read) on which object (Item/Item Revision/Dataset/Form), when (Timestamp) and what (information) has changed as a part of that action.
• This blog is covering KEY aspects of Teamcenter Audit Management to get started on Auditing in no time, which I explored for one of our implementation project at FaithPLM.
• What is Teamcenter Audit Management?
Teamcenter audit management enable you to track activities happening on data in your PLM environment and retain it as an audit log which helps to
• Identify what information has changed
• Identify what specific properties has changed
• See who changed it
• See what action (also known as event) triggered the change
• Compare the old and new values of the changed data
• Example: Track who change the value of specific property and what was the old value (Say you have cost field which you want to track for the changes)
• Determine who is accessing your files and what has been changed
• Example: Who read the file, similarly who modified the file, what has changed in the file
Audit Logging Key Elements:
• Example: , Checkout, Edit, Delete, File read, File Write, Add/remove user to project
Audit Event Mapping: Event mapping is a process of connecting or linking specific event to a business object type.
• Example: Checkin, Checkout, Delete, Modify events are mapped with Item as shown below
(To make available secondary audit properties while defining audit defination you have to select secondary audit type field here)
Audit Defination: Audit definition is to define what information to capture about a particular object when an event occurs.
• Example:
Capture object_name, check_out_date, checked_out_user, gov_classification on happening modify event on item as shown below
(You can also capture secondary object information related to primary object on happening event on primary object)
Audit Extention: A log extension allows you to write additional data, other than the data captured by audit logs.
• Example: to capture additional information such as change ID, and the reason to audit on checkin and checkout events.
OOTB Teamcenter has provided several extensions which you can use to collect additional data. You can also create custom extension based on your requirement to capture additional info in audit log.
Primary Audit Record: Primary logs holds the information about an object on which the action is happened. This you have to define using audit defination as shown below.
Example: Collect information about EPMTask object on action Assign Approver as shown in the snap below
Similarly, an ADA License (the Primary object) is attached to a workspace object (the secondary object), and properties of the workspace object are required.
Steps to setup Audit Loging:
• Usage:
Note: Logs are logically grouped as shown below, this helps you to quickly browse through required log
View Primary and Secondary Audit Log
o Use summary stylesheet to view Audit records in Summary tab of each object in Rich client
Search Audit Record
o Use queries to search audit record
Genarate Audit Report
o Various Audit reports can be generated using Report Application or Teamcenter Reporting and Analytics
Export audit logs
o You can export the audit logs to CSV or XLS file
Common Use Cases :
oThere are various use cases where you need to track the information
General Logs:
o Check-Out
o Check-In
o Modify
o Delete
To support
• Troblshooting access issues
• Audit object change history
• Anlyse who has changed what on these actions
File Access Logs:
Record details on-o File read action
o File modify action
To support
• Analysis of file usage
• Addressing file acces related security issues
• Audit dataset change history
• Tracing file changes over a period
Workflow Logs:
Record Details Like o Dates/ time for important workflow stepso Review initiator’s profile
o Micro management steps
To
• Support decisions like postpone or advance review meetings
• Adjust budget for task completion
• Resource allocation / release
ADA License Logs:
Record Details Likeo Who has attached ADA license to which busienss object and when
o Capture secondary object (to which the license got attached) details such as GOV classification, name, description, owner and other properties
To
• Undersatnd data export controls trend in the system
• Keep eye on sharing data through export control
Project Logs:
Record Details Likeo Project management tasks who created, modified, deleted project along with properties
o Project team management tasks which user got added through user/role/group similary priviliged/non priviliged/team admin, default project set and so on
To
• Trace various activities performed in context of project
• Keep record of project team for future audit
Installation and Configuration Involved:
Installation/License: Audit manager is a part of Teamcenter foundation and hence doesn’t require any explicit installation as well as license
Configuration:
Preferences:
To enable audit manager you have to set below preferences
TC_audit_manager = ON
TC_audit_manager_version = 3.
(There are some preferences to help you control number of audit records in the table, access control and so on)
Access on Audit Record:
Using access manager you can define access control on audit log, by default user can view audit logs only if user has read access to the relevant object
To honor AM based access rules, you have to set
TC_audit_avoid_delegation_for_audit_access
Example:
o Limit audit record access to admin only for the deleted object,
o Limit workflow audit record to specific people who are involved in workflow
BMIDE:
Audit logs are stored in the database. Audit log objects stores the respective audit logs.Example:
Fnd0FileAccessAudit : stores file access audit logs.
Audit logs type to be used in event type mapping
You can create audit configuration objects such as audit definition, events, and event type in using BMIDE (refer the details given in section “Audit Key Elements”)
Points to Remember:
1. OOTB there are some audit logs enabled in the system, based on your requirement you have to turn on the “is Active Flag” on required audit definition or build your own defination
2. Siemens recommend to enable auditing only for required actions and that too for specific objects of your business interest and not for all to keep audit table size low in the database
3. Define purging cycle based on the volume of audit data generated in the system to keep database clean
Benefits:
I can summarize few benefits of “Teamcenter Audit Management” as below
Detailed Insights:
Audit logs gives you the insights on usage of system in context of important documents or processes and hence helps you to increase efficiency and security in a reliable, provable way.
Demonstrate Compliance:
Audit logs can be used as proof of regulatory compliance during an audit and can help your company to fulfill its record-keeping requirements for compliance purposes.
Increased Security:
Having audit logs can protect your business from liability during legal battles. It can also help you to monitor data for any potential security breaches or internal misuses of information.