3/5/2019 2307420 - BizX Platform - Audit Framework inner workings - How does the audit framework capture and

capture and store the audit data ? What i…

SAP Knowledge Base Article - Public

2307420 - BizX Platform - Audit Framework inner workings - How does

the audit framework capture and store the audit data ? What is
captured ?

Symptom
How does the audit framework capture and store the audit data ? What is captured ?
What is the structure of the audit framework database ?
I want to understand the technical inner workings of the audit framework solution.

Resolution
The audit framework works by capturing any changes to your database (update of information, addition of new information, deletion of information)
For each change, the audit framework replicates the data affected into its own database, and adds additional details to the captured information.

TXN_ID: The internal transaction id generated by the BizX database server

OPERATION: Was the change an addition of data, a deletion of data, or a modification of existing data or new data INSERTION.
TXN_DATE: The date the database transaction happened
SEQUENCE_NUMBER: we use this to track change sequences for primary records

So in the essence, the audit framework database is like a 1 to 1 copy of your BizX database with the addition of the above columns to each database table.

In parallel we use and update another key table called AUDIT_TXN_LOG with the context of the change (who made the change, when was the change made, etc..).
This table will store the context in relation to each TXN_ID.

By cross referencing the data in AUDIT_TXN_LOG with the data you need audited using the TXN_ID, we can build a picture of who changed what, what they changed,
and when.
In AUDIT_TXN_LOG we also capture information on whether the change was triggered by a user that another person was proxying as.
We will be able to see both USERID's for the user that triggered the change, and the user that was proxying as that user

EXAMPLE:
Let’s imagine your Bizx Database has a simple table called USERINFO containing user information on fields called A, B, and C for user Tim and the data was originally
imported by John on April 10th.
Note: For our purposes the database table names and all columns will be simplified.

The USERINFO table would look something like this in the Bizx Database :

USERFIELD A FIELD B FIELD C

Tim 1 2 3
Now if user John edited Tim’s data for FIELD A to 4 on the 12th April, and made another change to FIELD A to 5 on the 13th April.
What would we see in the Bizx Database, and what would be in the Audit Framework database on the 14th April ?

In the Bizx Database, we would still see just one row for Tim, with the updated values in the USERINFO database table:

USERFIELD A FIELD B FIELD C

Tim 5 2 3
In Audit Framework we will see 3 rows (one for each change and one for the initial creation) and they will look something like this.
(Remember we use the same database table names so we are also looking for the same database table USERINFO:)

USERFIELD A FIELD B FIELD C TXN_ID OPERATION TXN_DATE

Tim 1 2 3 109.10.211818 INSERT 10th April
Tim 4 2 3 29.2.5322817 COMPUPDATE 12th April
Tim 5 2 3 23.1.5435525 COMPUPDATE 13th April
In Addition we will have the TXN_AUDIT_LOG table providing us with information on the context for transactions with matching TXN_ID's (highlighted). See below a
simplified version of what we would find:

PROXY_USERID
CLIENT IP
(who proxied as
(What was
USERID the user that
the IP
(who made the change PROXY_USERS_FIRSTNAME PROXY_USERS_LASTN
TXN_ID TXN_DATE address of USERS_FIRSTNAMEUSERS_LASTNAME
made the ? (empty if no proxy) (empty if no proxy)
the user
change ?) will be empty if
making the
no user was
change?)
proxying)
109.10.211818 10th April John_User 192.168.1.10John User
29.2.5322817 12th April John_User 192.168.1.10John User
23.1.5435525 13th April John_User 192.168.1.10John User
So by matching the TXN_ID’s between the table that stores Tim’s information, and the table that stores information on the context of the TXN_ID, we are able to see that
John created Tim’s data on April 10th, but also modified it on 2 occasions on April 12th and 13th.

Keywords
Audit framework write technical description , KBA , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-PLT-SEC , Security & Permissions , Problem

https://apps.support.sap.com/sap/support/knowledge/public/en/2307420 1/2
3/5/2019 2307420 - BizX Platform - Audit Framework inner workings - How does the audit framework capture and store the audit data ? What i…

Product
SAP SuccessFactors HCM Core all versions

Legal
Privacy (http://www.sap.com/corporate-en/about/legal/privacy.html) | Terms of use (https://support.sap.com/support-programs-services/about/terms-of-use.html) |
Legal Disclosure (http://www.sap.com/corporate-en/about/legal/impressum.html) | Copyright (http://www.sap.com/corporate-en/about/legal/copyright/index.html) |
Trademark (http://www.sap.com/corporate-en/about/legal/copyright/index.html#trademark)

Follow
(https://www.facebook.com/SAPDigitalBusinessServices) (https://twitter.com/SAPSupportHelp) (https://www.youtube.com/user/SAPSupportInfo)
(https://www.linkedin.com/groups/138840) (https://plus.google.com/+SAPCloud)

https://apps.support.sap.com/sap/support/knowledge/public/en/2307420 2/2