AUDIT TRAILS AND LOGS OVERVIEW

     Audit Tracking in Maximo/TSRM

1.1         What is audit tracking?

An audit trail (also called audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.

1.2         By default do we have any way to tack changes in Maximo/TSRM?

Yes, by default there are many type of changes which are already tracked historically, like the history of an Asset moving from one location to another or the status changes of a Work Order.

1.3         What iF customer adds new attribute or wants to track the history of an existing attribute not enabled by default, how would they do so?

Using the enabled E-audit we can track changes of any Maximo object for any number of attributes. Once enabled and audit record is created in a corresponding audit table at the time the user saves the record to the database.

This way each time a  user adds, deletes, or modifies the value of an attribute using a Maximo application the change is saved.  The audit record will include a copy of the changed data, the user-name of the person making the change, an identifier indicating the type of change (insert, update, delete) and unique transaction id for the change.

1.4         How to enable audit tracking?

Here's a real example to help reinforce your understanding.  Let's say an asset manager wants to know each person that's been assigned as the primary user of an asset.  This information is critical to move management process so an audit trail needs to be enabled.

Maximo system administrator can follow these steps to enable audit tracking.

The following steps will enable audit tracking of the person assignment.

1. Open Database Configuration application and enable e-audit on the ASSETLOCUSERCUST object.
2. On the attributes tab enable audit on the ISPRIMARY and PERSONID attributes.
   The next steps will make the audit changes visible on the Asset record.

1.  Open Database Configuration application for the Asset object.
2. Add a new relationship that references the A_ASSETLOCUSERCUST child object use where clause 'assetnum = :assetnum and siteid = :siteid".
3. Save and apply the configuration changes.
4. Open application designer for the Asset application and add a new table section which references the relationship created in the previous steps.
5. Add the PERSONID and other columns you want to be displayed in the table and save the record.

Go to the asset application and change the user assignment, the previous user assignment should now be displayed in your new table.  As additional changes are made a history of user assignments will be displayed in the new table.

This is just one example of how to use the E-audit capability in Maximo but the same configuration can be used or applied to many different use cases.

1.5         Can we track configuration changes in done in database? 

Yes we can, if you're looking for auditing changes made to the database in the database configuration application you would require to turn on E-Audit on the MAXATTRIBUTECFG object and enable it on the fields you care about (typically, domain, length, scale, maxtype, etc.). MAXATTRIBUTECFG is an "internal" definition.  Set Internal=Y in your Advanced Search window on Database Configuration and execute the search.

1.6         Is there any way to track changes done in application designer?

Yes we can. Many times we use external system to maintain versions of XMLs and all, but apart for this we can also tack changes by “Enabling auditing for Application Designer”.

Maximo system administrator can follow these steps to enable audit tracking for application designer.
The following steps will enable audit tracking of the MAXPRESENTATION object.

1.      Go to Database Configuration app and bring up the MAXPRESENTATION object.

2.      Mark the 'Audit Enabled' field to true.

3.       In the Attributes tab, mark the checkbox 'Audit Enabled' for and attributes in the list which you want to audit.

4.      Save it and apply the configuration changes.

5.      Do some tests in the Application Designer, import some XML files and query the A_MAXPRESENTATION in the database.

1.7         Can be track or monitor when people are logging into the system and from what IP?

Yes we can track using logging tracking feature for Maximo.  When you enable login tracking, the asset management system logs all sign in attempts, successful and unsuccessful. You can specify the maximum number of unsuccessful sign in attempts. If a user exceeds the maximum number of unsuccessful attempts, the status of the user record is changed to BLOCKED. The user is prevented from logging in until an administrator uses the Change Status action to set the status back to ACTIVE.

Maximo system administrator can follow these steps to enable login tracking,

1. From the Select Action menu in the Security Groups or Users application, select Security Controls.
2. In the Security Controls window, specify whether you want to enable the login tracking:

Option	Enable Login Tracking
Enabled login tracking	Selected
Disabled login tracking	Cleared

3. Enter values in the following fields:

Option	Description
Login Attempts Allowed	The number of times a user can incorrectly enter their user name or password before being blocked from the asset management system.
Password lasts this Number of Days	The number of days a user password is valid. If you do not want the password to expire, leave this field empty.
Days Before Password Expires to Warn User	The number of days before the user receives an expiration warning message.
Days Before Previously Used Password can be Reused	The number of days before a user can use a previously used password. If this value is 0, the asset management system does not check for password reuse.

4. Click OK.

1.8         What is an e-Signature in Maximo?

It is an electronic signature that consists of a user ID and a password known only to the user. It confirms that the person changing a record is the person who logged in to the system.

1.9         What are the benefit of using the E-Signature feature?

The Maximo E-Signature feature provides these benefits:

Allows Maximo administrators to request user password entry authentication prior to allowing and saving configuration changes on specific individual attributes.

Provides search filtering that can greatly assist in auditing the present e-signature enablement setting of applications and attributes

 Protects the approved configuration of specific applications and actions.

How to enable E-signature?

Maximo system administrator can follow these steps to enable E-signature.

1.      Navigate to Database configuration application

2.      In Database Configuration, select the appropriate object. For example enabled such as ASSET and attribute PRIORITY. 

3.       On the Object tab, go to the Audit section.

4.      To activate electronic audit records, check the Audit Enabled box.

5.      The Audit Table field defaults to A_ and the name of the selected database object (example: A_Asset). You can specify a different name.

6.      On the Attributes tab, select the appropriate attribute. Such as PRIORITY

7.      In the Advanced table window, check the E-signature Enabled? box.

8.      For each appropriate attribute, check the Audit Enabled? box.

9.      Any transaction that involves this database attribute is recorded in the electronic audit object.

10.  Choose Select Actions > Manage eSig Actions. Select the application and options for actions, then click OK.

11.  Save the record.

12.  Configure the database.