I am on 2021.2 and don’t have a more recent version to test on.
I know that there were some recent updates that allow more robust logging of actions in the system. Can anyone let me know if you are now able to turn on logging for a User? Basically, log everything Fred does in the system?
I know there is that menu tracker module that logs every menu that is opened by a user. I did not know if there was a layer deeper that said the user created/saved/deleted something after they opened it.
I am asking for SOX purposes as there is no way to restrict what a System Manager can do. If there was something that could log more than just what menus they open, that would be much better.
It sort of sounds like you are saying “Turn change logging on for every field, on every table that a user might touch.”
And, that’s doable, but a whole lot of work and data, probably so much you’d cripple your system in a short time.
You could maybe tack a BPM on every .Update and .UpdateMaster method, to save less granular data like “User xxx added a row to table yyy” - “user xxx deleted a row from table yyy” - “user xxx modified a row in table yyy” - but that still sounds like a lot of work.
For SOX compliance you’d probably want to use a break glass system admin account. Not sure how you’d track the specific actions it took though…
And that is the problem. Yes, technically Epicor has the tools to use to be SOX compliant, but to actually do it would be an obscene amount of work and would probably cripple the system. And the kicker is, if you have a break glass account, how are you going to create new users? It is hardcoded that you have to be a System Manager to change any user accounts.
I was hoping that the system tracking in the newer versions would give me a solution, but I guess not.
The only thing that I can think of is to set up a ton of CDC logs that only capture stuff done by users with System Manager access. But I have no idea what the impact of that would be. Is the CDC less resource heavy than change logs?