4 Replies Latest reply on Oct 29, 2014 12:30 PM by bmagurn

    Make the Audit Trail pane read only

    Rookie

      We are concerned that users are going into the Audit Trail and changing items, for example the Details within a previous Add Assignment action.

       

      How do we prevent users from changing these?

       

      I have tried removing the Privilege on Modules--System--'Non-Process Related'--Audit Trail Item and Audit Trail Value, but doesnt seem to make any difference.

        • 1. Re: Make the Audit Trail pane read only
          elizabethcombrink Employee

          Hi S,

           

          The audit trail allows access through to the collection items that were created for that process. When you click on the item in the audit trail, it opens the window as per the window rules for that person.  You need to design the window correctly, so for those items where you don't want the info to be changed, you should set the Protection Level property to be Write Once.

           

          I do also have windows that are published to administrators that does not have the write once set to allow me to change the data where there is a legit required.

          • 2. Re: Make the Audit Trail pane read only
            Rookie

            Thank you Liz,

             

            This solution gives me a lot of work though, as I would have to go through every attribute on every object to apply the restriction.

             

            But the solution does work!

            • 3. Re: Make the Audit Trail pane read only
              elizabethcombrink Employee

              As with most things in life, the devil is in the detail!

              • 4. Re: Make the Audit Trail pane read only
                bmagurn Apprentice

                I have this issue also. 

                It's a little sad that it does not do this out of the box.

                It should automatically permission a past action to read-only or at least, give only the creator owner the ability to go back and change it after the fact.

                 

                There are some issues that pop-up when you start tweaking every .. single ... window to write once.  For example, I set that on the assignment window, and then I was in process designer and realized that the reason I couldn't edit the assignment email was because sa was getting that tweaked window through the console.  Obviously I could write a view rule to workaround that, but as elizabethcombrink said, that's an awful lot of (custom) work to do. 

                 

                The other option is to prevent launch on the history panel.  (I assume, I haven't tried this yet).  I was hoping to avoid that, as I can't know every single thing that users might need to do through the history and be sure that they have another way to access it.