You can track changes that are made to sensitive data. To be able to do so, first set up the sensitive data change tracking by field.
Name | Responsible | Description |
---|---|---|
Set up sensitive data change tracking |
Security administrator |
You can set up the tracking of changes to sensitive data. You set up sensitive data change tracking by field. You can define the fields, for which sensitive data changes must tracked, in these ways:
|
Set up staging table mapping to track sensitive data changes |
Security administrator |
You can add any field from any table to the sensitive data setup. However, the table can be date-effective or part of an inheritance structure. In this case, the table cannot be used to enable change logging for sensitive data. Instead, the related staging table must be used to enable change logging for sensitive data. To define which staging table must be used to enable change logging, map the date-effective table or inheritance structure table to the desired staging table. Also, map the applicable fields of the date-effective table or inheritance structure table to the related fields of the staging table. Examples of date-effective tables or inheritance structure tables and related staging tables are:
|
Edit query for sensitive data change tracking |
Security administrator |
On the sensitive data change tracking setup, you define the table fields for which sensitive data changes must tracked. For each table that is defined in the General section of the Sensitive data setup page, a query is created automatically. If the the defined table is a:
A query is applied on record level to the related table. You can edit an automatically created query. Usually, you edit a query only in specific cases. For example, if a table record has a type field, you can make the query type-specific. For the LogisticsElectronicAddress table, you can, for example, track sensitive data changes only for addresses that are marked as Private. To do so, add a range to the related query with the Private field, and Criteria set to Yes. |
Define users who can view sensitive data change log |
Security administrator |
On the sensitive data change tracking setup, you can define the users who can view the changes that are logged for the sensitive data setup. If you:
|
Monitor sensitive data change log |
Security auditor |
When you have set up the tracking of sensitive data changes, changes to sensitive data are logged. Who can view the sensitive data log is defined on the related sensitive data change tracking users setup. If on the sensitive data setup:
On the Sensitive data log page, in the:
|