Siebel Audit Trail

This chapter includes information about Siebel Audit Trail. It includes the following topics:

About Siebel Audit Trail

Siebel Audit Trail creates a history of the changes that have been made to data in Siebel Business Applications. An audit trail is a record showing who has accessed an item, which operation was performed, when it was performed, and how the value was changed. Therefore, it is useful for maintaining security, examining the history of a particular record, documenting modifications for future analysis, and record keeping. Siebel Audit Trail logs information without requiring any interaction with, or input from, your users.

Siebel Audit Trail can be used for a variety of purposes. In a simple example, a call center uses an audit trail to track the status change of a service request, who changed it and when. Siebel Audit Trail capabilities can also be used to track the time needed to change the state of an item, such as a service request from open to closed. A calculation of the time difference can help the call center manager measure and improve service quality. Siebel Audit Trail can also be used to reproduce a record at a specific point in time to maintain regulatory compliance. You look at the audit trail for the record and compare the audit trail details with the current state of the record.

Siebel Audit Trail can also be used to track the viewing and export of data. For example, financial services organizations can use Siebel Audit Trail to monitor who has read or exported an account holder’s information. Siebel Audit Trail can be implemented for the Siebel Audit Trail functionality itself to help you track any changes made to the Siebel Audit Trail settings.

Note: For any Siebel Audit Trail deployment, the combination of the number of fields audited and the number of audit records created by a business process has performance implications. If you audit a large number of fields on a business component, or audit fields in a large number of business components, then unacceptable performance might result. Because read operations are common, if you audit a large number of these operations, then unacceptable performance might result.

Siebel Audit Trail Features

More Siebel Audit Trail features are described in the following topics:

Audit Scope

System administrators can specify the audit scope by the following means:

Operations (such as read, update, new, delete, and export) performed on business components
Operations performed in a specific time period
Only those operations performed by certain responsibilities, positions, or employees
Fields, for audits of read operations

Siebel Audit Trail Content

For all auditable operations, the following information is stored:

User ID of the person who performs the operation
Date and time of the operation
Record ID and row ID of the audited item

The following information lists some of the information that is stored for particular operations.

Table Information Stored for Auditable Operations

Operation	Information Stored
New Record	Name of the field on which the operation is performed Value of the field
Modify	Name of the field on which the operation is performed Old value of the field New value of the field
Copy Record	Value of the field
Delete	Name of the field on which the operation is performed Value of the field when the user deleted the record
Associate	Parent business component Child business component Link information
Read	Name of the field that the user reads Value of the field at the time of the read operation, if the Read Field Value option is selected on the Administration - Audit Trail screen
Export	Business component from which records are exported Row IDs of the exported records Number of records exported

Merging duplicate records can result in delete operations for the source records that are deleted and a modify operation for the surviving record that is updated with information from the deleted records. Variations of the delete operation for merged records include the Delete (Merge Record) operation for deleted merge records and the Delete Duplicate Assoc (Merge) operation for deleted records that are associated with deleted merge records. For more information about merging duplicate records, see Siebel Fundamentals.

Siebel Audit Trail Constraints

The following cannot be audited:

Virtual business components. Virtual business components do not bind to any underlying tables.
Calculated fields. Typically, the value for a calculated field is derived from a table-based field. Audit a calculated field by auditing the table-based field that was used to derive the calculated field.
Export of data using methods other than the following:
- From the application-level menu, selecting File, then Export Data Map
- Enterprise Integration Manager (EIM)
Record inserts, updates, and deletes that are performed through Assignment Manager or workflow policy actions. These actions do not use the Siebel Application Object Managers.
Business components that are based on external data sources.

Note: Siebel Audit Trail is not supported on the sample database.

Siebel Audit Trail for Siebel Remote and Siebel Replication Users

The following information applies to remote and replication users:

Audit trails are generated only when the user synchronizes data with the server.
Audit trails are regenerated when the user synchronizes other data.
If the transaction is rejected during the conflict resolution, then an audit trail record is not generated.

Process of Configuring and Using Siebel Audit Trail

To set up and monitor Siebel Audit Trail, complete the following tasks:

Enabling and Disabling Siebel Audit Trail

By default, the Siebel Audit Trail functionality is enabled in Siebel Business Applications.

Note: Siebel Audit Trail creates history records for predefault values.

This task is a step in Process of Configuring and Using Siebel Audit Trail.

To enable or disable Siebel Audit Trail

Navigate to the Administration - Application screen, then the System Preferences view.
To enable Siebel Audit Trail, set the value of the EnableAuditing system preference to TRUE.
To disable Siebel Audit Trail, set the value to FALSE.
To enable Siebel Audit Trail for EIM, set the value of the EnablEimAuditing system preference to TRUE.
To disable Siebel Audit Trail for EIM, set the value to FALSE.

Specifying Business Components and Business Component Fields for Audit

You administer the business component and the business component fields to be audited from the Administration - Audit Trail screen. You cannot audit business components that are based on external data sources.

Note: If a field in the business component has a TYPE value of DTYPE_CURRENCY, then the Exchange Date Field property for the field, which has a default value of Exchange Date, and the Currency Code Field property for the field, which has a default value of Currency Code, must have a value. You can set these values in Siebel Tools.

This task is a step in Process of Configuring and Using Siebel Audit Trail.

To configure the business component and business component fields to be audited

Navigate to the Administration - Audit Trail screen.

In the Audit Trail Buscomp list, create a new record, and complete the necessary fields.

Some fields are described in the following table.

Field	Comments
Update	Select the check box if you want to audit the Update operation.
New	Select the check box if you want to audit the New operation.
Delete	Select the check box if you want to audit the Delete operation. Clear the check box if you want to not audit the Delete operation.
Export	Select the check box if you want to audit the Export operation.
Assoc	Select the check box to audit associations with the child business components in the Child Buscomp list. For more information, see Specifying Parent–Child Associations for Audit.
Restriction Type	Select a value that determines who is audited.
Start Date	Select the date on which the auditing starts.
End Date	Select the date on which the auditing stops. Disable Siebel Audit Trail for an individual business component by setting the End Date to a date that has already passed.

In the Field list, create a new record for the field you want to audit.

Note: If you do not create at least one new record for a field on the business component, then nothing is audited.

Some of the fields are described in the following table.

Field	Comments
Field	Select the field name you want to audit. The details of the selected field appear in the Table Name, Column Name, and Join columns.
Read Field Value	Select the check box if you want to store the field value during the audits of read operations.
Reading	Select the check box if you want to audit the read operations.
Table Name	Displays the table to which the column belongs.
Column Name	Displays the column name of the selected field.
Join	Displays the join name associated with the column. You can audit only fields that are standard joins. Standard joins apply to existing fields in existing business components. You cannot audit customized implicit joins. Customized implicit joins are not visible in Siebel Tools in the Joins list for the business component. For more information about implicit joins, see Configuring Siebel Business Applications.

Repeat step 3 until the Field list shows all the fields in that business component that you want to audit.

Disabling Individual Business Components

Complete the following procedure to disable individual business components.

To disable individual business components

Navigate to the Administration - Audit Trail screen.
Use one of the following methods to disable Siebel Audit Trail:
- In the Audit Trail Buscomp list, enter an end date prior to today’s date in the End Date field.
- In the Audit Trail Buscomp list, delete the record for the business component.

Setting Up Read Auditing

You can configure Siebel Audit Trail to audit read operations on records.

This task is a step in Process of Configuring and Using Siebel Audit Trail.

To set up an audit trail of read operations

Navigate to the Administration - Audit Trail screen.
In the Audit Trail Buscomp list, create a new record for the business component, and complete the necessary fields.
Some fields are described in the table in Step 2 in Specifying Business Components and Business Component Fields for Audit.

In the Field view, create a new record, and complete the necessary fields.

Some of the fields are described in the following table.

Field	Comments
Field	Select the name of the field on which you want read-auditing.
Reading	Select this field to indicate you want read-auditing.

Click Update Audit Cache.

Specifying Parent–Child Associations for Audit

In Siebel Business Applications, parent–child associations are set through:

MVG (multi-value group) fields
Parent–child applets

Siebel Audit Trail can keep track of changes in parent–child associations. For example, you can audit the association (and dissociation) of contacts with accounts.

This task is a step in Process of Configuring and Using Siebel Audit Trail.

To configure business components for auditing of parent–child associations

Determine the name of the child business component with the association that you want to audit.
Navigate to the Administration - Audit Trail screen.
In the Audit Trail Buscomp list, perform one of the following steps:
- Select an existing record for the parent business component.
- Create a new record for the parent business component, and complete the necessary fields. Some fields are described in table in Specifying Business Components and Business Component Fields for Audit.
Make sure that the Assoc field is checked.
Navigate to the Child Buscomp view.

In the Child Buscomp list, create a new record for the child business component that has an association with the parent business component you want to audit.

Note: If the Deep Delete user property is configured for the child business component, then create a new record for the child business component in the Audit Trail Buscomp list in the same way that you create a new record for a parent business component. In this case, do not create a new record for the child business component in the Child Buscomp list.

Some of the fields are described in the following table.

Field	Comments
Link Name	Select the link between the parent and child business components that you want to audit.
Child Buscomp	Displays the child business component for the link.
Parent Field	Displays the parent field of the child business component.
Inter Child Column	Displays the name of the child column.
Table Name	Displays the name of the table on which the link is based.
M/M	Displays whether the link is a many-to-many link.

Specifying Siebel Audit Trail Restrictions

You can restrict who gets audited by user, position, or responsibility.

For example, if you set the Restriction Type to User on the Audit Trail Buscomp Fields view, then navigate to the Audit Trail Users View and add the users to audit. Restriction by responsibility or position works in the same way.

This task is a step in Process of Configuring and Using Siebel Audit Trail.

To specify Siebel Audit Trail restrictions

Navigate to the Administration - Audit Trail screen.
In the Audit Trail Buscomp list, select a business component entry, and change the Restriction Type field to Position, Responsibility, or User.
Navigate to the Position, Responsibility, or User view.
Create or edit records in the position, responsibility, or user list for the audit trail.
The positions, responsibilities, or users you specify are audited for the operations on this particular business component.
Click Update Audit Cache.

Verifying Siebel Audit Trail Configuration

The following steps are part of the verification process to make sure that the business component and business component fields were specified correctly.

This task is a step in Process of Configuring and Using Siebel Audit Trail.

To verify Siebel Audit Trail records

Navigate to the view for the business component that you want to audit.
Make a change to the data in that view.
Navigate to the Audit Trail screen, then the Audit Trail Items view.
In the Audit Trail Items list, query the business component and field values to make sure there is a new record showing the changes that you made to the business component.

Viewing Audit Trail Records

After you have set up the fields, operations, responsibilities, positions, and employees to be audited, you can read the results of the audit trails in the Audit Trail view and the Audit Trail Items view.

This task is a step in Process of Configuring and Using Siebel Audit Trail.

Querying Audit Trail Information

After recording or importing audit trail records into the Siebel database, you can query audit trail information in the Audit Trail Items view. For example, you can query Audit Trail Items to determine changes made by team members, dates, or operations performed on a business component.

To query audit trail information

Navigate to the Audit Trail screen, then the Audit Trail Items view.

Query the list for Audit Trail Items of interest.

Some fields are described in the following table.

Field	Comments
Employee Login	Displays the username of the user who changed the record.
Business Component	Displays the business component for the record where the database change occurred.
Field	Displays the name of the field where the change occurred.
Operation	Displays the type of operation that was performed, for example, New Record, Delete, and so on.
Old Value	Displays the value in the field before the database change occurred.
New Value	Displays the value in the field after the database change occurred.
Date	Displays the timestamp of the change.
Child Business Component	Displays the child business component for the record where the database change occurred, if any.
Record ID	Displays the unique identifier of the record that was changed.
Base Table	Displays the name of the primary database table where the database change occurred.
Child Table Name	Displays the name of the child table for the record where the database change occurred, if any.
Column	Displays the name of the column in which the change occurred.
Group ID	Displays the unique identifier of the group to which the user who changed the record belonged.
Link	Displays the name of the link that describes the relationship between the child business component and the parent business component. This link is configured in Siebel Tools.
Table	Displays the name of table to which the selected field belongs in the Siebel database.
Row ID	Displays the unique identifier of the row in which the change occurred.
Employee ID	Displays the unique identifier of the user who changed the record.

Querying Export Audit Trail Records

You can set up Export Audit Trail for a business component to monitor the export activities for the business component. Export activities include selecting Print or Print Preview in the list that appears when you click the cogwheel icon in a view to print a record in that view. You can view the results of export audit in the Export Audit Trail view. For details on setting up Export Audit Trail, see Specifying Business Components and Business Component Fields for Audit.

To query Export Audit Trail information

Navigate to the Audit Trail screen, then the Export Audit Items view.

Select the Audit Trail Item required.

Some fields are described in the following table.

Field	Comments
Employee Login	Displays the username of the user who initiated the export.
Business Component	Displays the business component on which the export operation was performed.
Record Count	Displays the number of records that were exported.
Date	Displays the timestamp of the export activity.
Record IDs	Displays the unique identifier for each record that was exported.
Employee ID	Displays the unique identifier for the user who initiated the export.

Querying Read Audit Trail Records

You can use the Read Audit Trail feature to monitor the reading of sensitive information.

To query Read Audit Trail information

Navigate to the Audit Trail screen, then the Read Audit Items view.

Select the Audit Trail Item required.

Some fields are described in the following table.

Field	Comments
Employee Login	Displays the username of the user who read the record.
Business Component	Displays the business component for the record that was read.
Record ID	Displays the unique identifier of the record that was read.
Date	Displays the timestamp of the read operation.
Employee ID	Displays the unique identifier of the user who read the record.
Field Name	Displays the name of the field that was read.
Field Value	Displays the value that was in the field at the time that the field was read.

Note: To audit record field values, you must select Read Field Value in the Field view of the Administration - Audit Trail screen. For more information, see Specifying Business Components and Business Component Fields for Audit.

Linking Siebel Audit Trail to a Business Component

In some circumstances, you might want to link the Audit Trail view to a specific business component view. For example, a Call Center team might want to see the audit trail records for individual service requests. Using Siebel Tools, you can create a view that allows the Call Center team to see these audit trail records, if the following conditions are met:

Siebel Audit Trail must be running in database auditing.
You must be able to audit the business component you are linking to Siebel Audit Trail. For information about determining if a business component can be used in Siebel Audit Trail, see Siebel Audit Trail Constraints.

Note: Because Audit Trail Item records are not routed to mobile Web clients, data in these linked views can appear only in Siebel Web Client and the Siebel Developer Web Client. Make sure that mobile clients do not have access to views displaying audit trail data.

To link Siebel Audit Trail to a business component

Complete the following steps in Siebel Tools:
1. Create a link between the Audit Trail Item 2 business component and the business component to which you are linking Siebel Audit Trail, and set the parent business component property of the link to the name of the audited business component.
  
  For example, if you are configuring the view to show the audit trail records for the Product Defect business component, then the parent business component is Product Defect. The Child Business Component for the link is Audit Trail Item List 2. The Source and Destination Fields for the link are Id and Record ID respectively.
2. Modify the business object for the business component to which you are linking Siebel Audit Trail.
  
  You must create Audit Trail Item 2 as one of the business object components, and specify the Link property as the link you created in Step a.
3. Create a view that has an applet that is based on the selected business component as a parent, and the Audit Trail Item List 2 applet as a child.
4. Add this view to a screen.
Launch one of the Siebel employee applications.
Navigate to the Administration - Application screen, then the Views view.
In the Responsibilities, and add the responsibilities that are applicable to the new view.

Decoding the Audit Log File

Audit trail data is stored in an encoded form in the Siebel database to maximize the performance of the overall Siebel application.

Audit Trail Item 2 Virtual Business Component

You can use the Audit Trail Item 2 virtual business component to export your audit trail data to a data warehouse. To maintain compatibility with data from previous Siebel versions, you must decode the new information and store the newly formatted records into the old format.

All audit trail values for a single transaction are grouped together into one record in the S_AUDIT_ITEM table. Previously, values were stored in the OLD_VAL and NEW_VAL fields. The NEW_VAL and OLD_VAL columns are no longer populated in S_AUDIT_ITEM table. Instead, the fields and values for an audit transaction are grouped into the AUDIT_LOG column of the S_AUDIT_ITEM table.

To decode audit items, you can call the Audit Trail Item 2 virtual business component. The Audit Trail Item 2 business component is no longer based on S_AUDIT_ITEM table. Instead, this business component is now a virtual business component that is based on a highly specialized class that has its own business logic to retrieve data from S_AUDIT_ITEM table.

Note: Using the virtual business component to decode audit trail data is the only method that Oracle supports. The virtual business component is updated to reflect any changes in the underlying data structure.

Workflow to Decode Audit Data

The workflow that you use to decode audit data depends on how you use the data. If you are implementing an archival solution, then you might want to implement a solution that reads all created records. If you are implementing a more data-oriented solution, then you must implement a solution that has more control of the data.

The following is an example of a high level flow for reconstructing data:

Start the Audit Trail Item 2 virtual business component.
In a search time window, run a query for Audit Trail Item 2.
Run an query for Audit Trail Item - Data, where the date and time match the previous record.
Write out the decoded record ID: New Val, Old Val.
This step is entirely dependant on your specific requirements and can range from writing to a custom table in the Siebel database to sending the decoded data to an external data source using one of the EAI Transports.

You can modify this flow to restrict the data returned by business component, user, position, and so on. However, the flow must always include the fundamental aspect of querying both the Audit Trail Item 2 virtual business component and the Audit Trail Item – Data business component to construct a record consistent with format of a previous version of a Siebel Audit Trail record.

Use this flow to make sure that duplicate records are not included in the export of audit trail data to a data warehouse. In this flow, row IDs are not obtained from the Audit Trail Item - Data business component to create records with unique row IDs but to identify already-exported records. This identification occurs in the data warehouse. (Due to the encoded format of the Audit Trail Item - Data business component, a virtual record in the Audit Trail Item 2 virtual business component does not always map one-to-one to a physical database record in the Audit Trail Item - Data business component. Consequently, a record for the Audit Trail Item 2 virtual business component does not always have a unique row ID.)

Next, you must create a trigger for the workflow you are using to decode audit data. You can use a reactive trigger through runtime events or workflow policies. If you need real-time or near-real-time onward transmission of the audit trail data, then consider using a reactive trigger. However, consider that the volume of transactions occurring on the audit tables is high, so any per-record solution might cause unwanted performance effects on the entire Siebel application. Any deployment using a reactive trigger on audit data requires extensive performance profiling.

For any situation that does not require real-time data transmission, consider an asynchronous batch approach using a mechanism such as repeating component requests. You can tune and adjust these requests so that the frequency of the job matches the data and performance requirements of the Siebel application. In many cases, you can time these requests to run during periods of reduced activity in the Siebel application. It is recommended that you use this approach for the majority of use cases.

You can use either a custom business service in conjunction with a workflow process, or you can use a workflow process on its own to implement your solution to decode audit trail data. Leveraging only a workflow process might assist in the long term maintenance of the solution if you think that it might require modification over time; however this approach also adds complexity to the solution due to the requirements of stepping through data sets and restricting records.

Example Business Service

This example provides sample code for a business service that you can use to retrieve and decode data; note however that the search specification is arbitrary. Carefully consider this search specification for individual implementations. You can apply a search specification to only fields that map to physical columns, and not to encoded fields.

/***********************************************************************************/
/* function: decodeAuditTrail
/*
/* The top level function to read audit trail data encoded in Siebel 8.x format    */
/* allowing the data to be exported as simple value pairs for purposes of archival */
/* or business intelligence.                                                       */
/************************************************************************************/
function decodeAuditTrail(strTimediff)
{
try {
	// Create objects
	var boAudit = TheApplication().GetBusObject("Audit Trail");
	var bcAuditItem = boAudit.GetBusComp("Audit Trail Item 2");
	with(bcAuditItem) {
	   SetViewMode(AllView);
	   ClearToQuery();
	   // Set the search specification. In this example we are only
	   // using time differential.
	   SetSearchSpec("Date", ">= " + strTimediff);
	   ExecuteQuery(ForwardOnly);
	   var bRecord = FirstRecord();
	   while(bRecord) {
			//Retrieve field values
			var strRecordId = GetFieldValue("Record Id");
			var strBC = GetFieldValue("Business Component");
			var strFieldName = GetFieldValue("Field");
			var strOldVal = GetFieldValue("Old Value");
			var strNewVal = GetFieldValue("New Value");
			var strDate = GetFieldValue("Date");
			//Query for underlying Row Id
			/**************************************************************************/
			/* function: getAuditRowId                                                   */
			/*
			/* Retrieves the physical row ID associated with the decoded audit record to */
			/* provide a defined cutoff for the audit export operation. In cases where   */
			/* more than one record is retrieved, an error is thrown because the defined */
			/* cutoff is not unique, and the operation is retried with new parameters.   */
			/**************************************************************************/
			var strAuditId = getAuditRowId(strRecordId, strDate);
			//Placeholder for function to write out values
			writeAuditValues(strAuditId, strBC, strFieldName, strRecordId,
			strOldVal, strNewVal, strDate);
			bRecord = NextRecord();
		}
	}
}
catch(e)
{
	throw(e);
}
}
function getAuditRowId(strAuditRecordId, strAuditRecordDate)
{
	var strReturn = "";
try
{
	// Create objects
	var boAudit = TheApplication().GetBusObject("Audit Trail");
	var bcAuditData = boAudit.GetBusComp("Audit Trail Item - Data");
	with(bcAuditData) {
		SetViewMode(AllView);
		ClearToQuery();
		// Set the search specification for the combination of
		// record Id and date
		SetSearchSpec("Date", strAuditRecordDate);
		SetSearchSpec("Record Id", strAuditRecordId);
		ExecuteQuery(ForwardOnly);
		var bRecord = FirstRecord();
		if(bRecord) {
			strReturn = GetFieldValue("Id");
			// Check to see that we only have one record
			bRecord = NextRecord();
			if(bRecord) {
			throw("Error: Multiple Record Id and Date records
			identified");
		}
}
else
	strReturn = "";
}
}
catch(e)
{
	throw(e);
}
	return(strReturn);
}

Importing Siebel Audit Trail with Enterprise Integration Manager

You can import existing audit trail data into Siebel with Siebel Enterprise Integration Manager. You can use the Enterprise Integration Manager tables for Siebel Audit Trail to import your data from a previous version of Siebel. The current version of Siebel CRM uses the same table columns as the previous version of Siebel. The virtual business component displays the data from the previous version of Siebel along with the data from the current version of Siebel.

Enterprise Integration Manager tables for Siebel Audit Trail are designed for use solely as a data loading exercise. Oracle does not support runtime insertion of data into the Siebel Audit Trail tables by any mechanism other than Siebel Audit Trail. For more information about Siebel Enterprise Integration Manager, see Siebel Enterprise Integration Manager Administration Guide.

Customizing Siebel Audit Trail

Siebel Audit Trail is a closed set of functionality that is designed to be used as delivered. It is one of the very few areas of the Siebel application that is not suitable for additional customization and configuration by integrators or customers. Audit trail data is stored is an internal format and is only accessible through the virtual business component.

Note: Additional custom columns and trigger points for inserting audit trail data are not supported.