7 Auditing Relationship Management

The OHMPI RM auditing service meets the HIPAA compliance statement in the application level for monitoring and auditing the relationship management backend service activities. The following are the types of auditing event that the relationship management auditing service creates:

Object Access Events
- Entity Type Access
- Relationship Type Access
- Entity Access
- Relationship Access
- Domain Access
- Task Access
- Ruleset Access
Operation Events
- Create
- Update
- Search
- Activate and Deactivate
MPI Inbound Notification Events

7.1 Audit Event Data Model

Figure 7-1 illustrates the audit event data model.

Figure 7-1 Audit Event Data Model

Description of ''Figure 7-1 Audit Event Data Model''

7.2 Audit Event Format

7.2.1 RM_AUDIT_EVENT Table

Field Name	Optional (O) or Mandatory (M)	Value Constraints
EventId	M	Indicates the system generated ID
EventActionCode	M	Possible values are: C: create U: update R: read D: deactivate A: activate
EventDateTime	M	Displays the date and time when the event was logged
EventOutcomeIndicator	M	Possible values are SUCCESS and FAILURE
EventTypeCode	M	Indicates the REST Resource URI

7.2.2 RM_AUDIT_SOURCE Table

Field Name	Optional (O) or Mandatory (M)	Value Constraints
UserId	M	Indicates the user who initiated the transaction
AlternativeUserId	M	Indicates the process ID as used within the local operating system in the local system logs
RoleCode	M	Indicates the role of the user ID
NetworkAccessPointType	M	Possible values are: 1: Machine (DNS) name 2: IP address
NetworkAccessPointId	M	Indicates the machine name or IP address, as specified in RFC 3881

7.2.3 RM_AUDIT_OBJECT Table

The RM_AUDIT_OBJECT table stores information based on the OBJECT_TYPE_CODE.

Field Name	Optional (O) or Mandatory (M)	Value Constraints
ObjectTypeCode	M	EntityType
ObjectId	O	Indicates the entity type ID
ObjectName	O	Indicates the entity type name
ObjectQuery	O	Query string base64 encoded
ObjectDetail	O	Not supported

Field Name	Optional (O) or Mandatory (M)	Value Constraints
ObjectTypeCode	M	RelationshipType
ObjectId	O	Indicates the relationship type ID
ObjectName	O	Indicates the relationship type name
ObjectQuery	O	Query string base64 encoded
ObjectDetail	O	Not supported
SourceName	O	Indicates the source entity type name of the relationship type.
TargetName	O	Indicates the target entity type name of the relationship type.

Field Name	Optional (O) or Mandatory (M)	Value Constraints
ObjectTypeCode	M	Entity
ObjectId	O	Indicates the entity ID
ObjectName	O	Indicates the entity type name
ObjectQuery	O	Query string base64 encoded
ObjectDetail	O	Not supported

Field Name	Optional (O) or Mandatory (M)	Value Constraints
ObjectTypeCode	M	Entity
ObjectId	O	Indicates the entity ID
ObjectName	O	Indicates the entity type name
ObjectQuery	O	Query string base64 encoded
ObjectDetail	O	Not supported
SourceObjectId	O	Indicates the source entity ID
SourceObjectName	O	Indicates the source entity name
SourceObjectDetail	O	Not supported
TargetObjectId	O	Indicates the target entity ID
TargetObjectName	O	Indicates the target entity name
TargetObjectDetail	O	Not supported

Field Name	Optional (O) or Mandatory (M)	Value Constraints
ObjectTypeCode	M	Domain
ObjectId	O	Indicates the domain ID
ObjectName	O	Indicates the domain name
ObjectQuery	O	Query string base64 encoded
ObjectDetail	O	Not supported

Field Name	Optional (O) or Mandatory (M)	Value Constraints
ObjectTypeCode	M	RmTask
ObjectId	O	Indicates the RmTask ID
ObjectName	O	Indicates the RmTask name
ObjectQuery	O	Query string base64 encoded
ObjectDetail	O	Not supported

Field Name	Optional (O) or Mandatory (M)	Value Constraints
ObjectTypeCode	M	RmRuleSet
ObjectId	O	Indicates the RmRuleSet ID
ObjectName	O	Indicates the RmRuleSet name
ObjectQuery	O	Query string base64 encoded
ObjectDetail	O	Not supported

7.3 Setting Up the Audit Database Tables

You must create the audit tables when the application is deployed. For information on how to execute the database create scripts, see Section 2.4.2, "Creating Database Tables".

7.4 Enabling or Disabling Auditing

Note:

By default, auditing is enabled.

While creating the RM project in NetBeans, you can enable or disable auditing. For information, see Section 2.1, "Creating the Relationship Management Project".

To modify the audit configuration after a project is created:

In NetBeans, navigate to the RM project Configuration\service folder.
Open the ohmpi-rm.properties file.
Configure the desired value for the relationship.management.audit.enabled property.
- To enable auditing, set the value to true.
- To disable auditing, set the value to false.
Right-click on the RM project and select Clean and Build.

Note:

Even if the auditing is disabled, you must create the audit tables. For information, see Section 7.3, "Setting Up the Audit Database Tables".

7.5 Viewing the Audit Log

Open an SQL editor and connect to the OHMPI RM database using the user with read access to the audit tables.
In the NetBeans editor, open the following script from the <Project_Name>/samples directory:
- search-ohmpi-rm-audit.sql
Note:
You can modify the script as required. By default, all the audit rows are sorted in descending order of date-time.
Copy the entire text from search-ohmpi-rm-audit.sql and paste into the SQL editor.
Execute the script against the database.

7.6 Archiving the Audit Log

Auditing service (if it is enabled) logs each API call made to the Relationship Management Service. So, the audit entries can become huge over a period of time. You can archive the audit entries before a specific period of time.

Open an SQL editor and connect to the OHMPI RM database using the user with delete access to the audit tables.
In the NetBeans editor, open the following script from the <Project_Name>/samples directory:
- delete-ohmpi-rm-audit.sql
Note:
You can modify the end_date in the script as the date-time until when the audit logs need to be deleted from each auditing table.
Copy the entire text from delete-ohmpi-rm-audit.sql and paste into the SQL editor.
Execute the script against the database.

7.7 Dropping the Audit Database Tables

For information, see Section 4.4, "Dropping the Database Tables".