Application Development

Enable Audit Trail and Electronic Signature

Any edits to a record can be tracked through an Audit Trail. When the Audit Trail is enabled on a table, an Audit icon displays next to each record. Clicking the icon opens a window that displays the date and time of the change, who changed the record, and the values before and after the change.

When Audit Trail is enabled, three tables are automatically created in the database: XXXXAudit, XXXXAuditColumn and XXXXAuditProcedure, where XXXX is the name of the table being audited. It is important to decide if the Audit tables are to reside in the same database as the application tables or in a different database. If using a separate database, register the database in the System Administration WebApp as a data source.

An electronic signature is a digital signature of a token representing the changes and is used in conjunction with the Audit Trail feature enabled. The token is computed by concatenating the user ID and the process token. The string is hashed using the MD4 algorithm. The resultant binary value is the signature. The value is stored in the #Audit table using Base 64 encoding.

This method provides a fast and simple digital signature implementation. It is important to note that the authenticity of an electronic signature depends on restricting access to the audit tables. If an unauthorized user gains write access to the audit tables, the signature can be forged or the audit trail could be altered.

This topic contains these sections:

Enable Audit Trail on a Page

There are two options to select when adding a new table:

  • Enable Auditing – If checked, any additions or changes made to data in the table are maintained in the audit tables.
  • Audit Procedures – If checked, a record of every stored procedure that runs against a record as part of a Stewardship Tier Page Event is maintained in the audit tables.

To enable Audit Trail on a page:

  1. Click Admin > Data Sources on the Navigation pane.
  2. Click Audit for the WebApp’s data source.
  3. Click Edit.
  4. Select the data source from Audit Data Source ID list box.

    NOTE: The Audit Data Source ID is the database where the three audit tables are stored once the tables are built. This can be the same as the data source being audited; however, using a secondary database and data source can provide benefits in data management.

  5. Click Save.

    NOTE: The tables to be audited must be added.

  6. Click Tables.
  7. Select the table from Table Name list box.
  8. Verify Enable Auditing check box is enabled.
  9. Click Save.

    NOTE: These buttons become enabled on the Horizontal View.

    • Build Audit Tables button – Creates the audit tables in the specified Data Source. Once the tables are built, the Snapshot Data button is enabled.
    • Snapshot Data button – Creates a copy of the tables when the snapshot is taken. When a record is edited, the audit trail records both the before and the after values. However, the trail only shows values that are edited. Snapshot Data can be viewed as an insert for existing records. If the audit is enabled after the table has values in it, the trail has no way of telling where the data came from, so the snapshot is a way of verifying that some data existed prior to auditing.
    • Check Columns button – Reports any differences between the columns in the table and the audit table. When the audit tables are built, all the columns from the table that are being audited are included. However, it is possible to have a case where the columns in the table and the audit tables do not match. There can be two reasons for the misalignment: 1) the Designer deliberately removed some columns from the audit table because those values should not be audited or 2) the Designer added columns to the table after the audit tables were build and forgot to manually update the audit tables.
  10. Click Build Audit Tables button, a validation message displays.
  11. Click the OK button.
  12. Click Snapshot button to take a snapshot of the data in the table if necessary.
  13. A validation message displays, click the OK button.

Enable Electronic Signature

When users save changes to an existing record, they may be prompted to sign the changes. This authorization occurs only if the users have changed a value in a column for which electronic signature is enabled.

To enable Electronic Signature:

  1. Access the WebApp page.
  2. Right-click the column heading requiring the electronic signature.
  3. Select Edit (Control Name).
  4. Click Advanced Properties tab.
  5. Click Require Signature check box.
  6. Click Save.

Next, Use Electronic Signature with Integrated Authentication.

Use Electronic Signature with Integrated Authentication

To use electronic eignature with Integrated Authentication:

  1. Enable Custom Authentication on the Parameters page.
  2. Create a Stewardship Tier User ID that matches the user's Window User ID without the domain name.
  3. Create and register a custom authentication plugin that authenticates the user based on a client-specific active directory environment.
  4. Use the custom authentication plugin to authenticate the electronic signature credentials.

Drop Audit Tables

Two users are required to drop audit tables.The first user requests the drop and within 24 hours, the second user drops the audit tables.

To drop the Audit Trail:

  1. Click Admin > Data Sources on the Navigation pane.
  2. Click Audit for the WebApp’s data source.
  3. Click Tables 
  4. Click Vertical View.

The first user clicks the Request Drop button. A message displays, confirming a request has been submitted. Both the Request Drop and the Drop Audit Tables buttons are inactive.

If the second user does not click the Drop Audit Tables button within 24 hours, the button becomes inactive and the process needs to be initiated again. Once the button is clicked, the audit is dropped. When Audit is dropped, the audit tables remain in the database. Once the Audit is dropped, the record must be deleted on the Audit Tables page.

NOTE:   Dropping an Audit table is not workflow enabled; verbal communication between the two users involved is required.

View Failed LogIn Attempts During Electronic Signature

The Stewardship Tier allows users to view the failed login attempts that occur when a user attempts to use electronic signature. Users can view all failed login attempts or only those associated with a specific user.

To view all failed login attempts that occurred during electronic signature:

  1. Select Admin > Resources > System Logs in the Navigation pane.

  2. On the System Log page, for Electronic Signatures, click the Log icon.

All failed attempts display on the System Logs page.

To view all failed login attempts that occurred during electronic signature for a specific user:

  1. Select Admin > Security > Users in the Navigation pane.

  2. Click the Vertical View icon for a user.

  3. Click the View History icon.

  4. Click the Electronic Signatures icon.