Configuration Audit report- Provisioning System, RBP and MDF Objects
Hope you are doing good !!
If you haven’t read my previous blog post titled “Audit data and Configuration changes in SuccessFactors, please read it as this blog post is the continuation of my previous blog post on Change Audit report feature.
The prerequisites, required permissions and other stand procedures to use this feature has been explained in detail in my previous blog. So please visit the link given below before proceeding to this blog post.
Previous Blog post:
In this blog post, I have covered the idea of auditing configuration changes in SuccessFactors.
- RBP Changes
- Provisioning Changes
- MDF Configurational Changes
Role Based Permissions
In any organization, authorized usage or access permission is very critical and sensitive. For instance, what role has been modified and when it has been changed, which access permissions has been added/removed all have to be carefully audited and reviewed.
This feature comes handy when we need to generate report on the changes performed in RBP section.
Once the request is saved, navigate to “Access Reports” section to download the report.
In the above report, if you could see the operation performed column are given in notations.
So, here I am listing out all the important notations used under Operation tab.
EDD– Effective Dated Deleted
EDU– Effective Dated Update
MDF Configuration Data
This feature is used to audit all the changes performed under Object configurations.
All the custom Meta Data Framework object changes can be captured at the configuration level.
Provisioning System Changes
As per SAP standards, provisioning access is limited to only SAP partners and consultants. However, Clients can always audit the changes made by their supporting consultants via this feature.
Enter the Time range as per the requirement.
Navigate to “Access reports” section to download your report
This way we can audit sensitive and critical changes performed in the provisioning system.
Business Data Report
Similarly you can select “Business Data Report” option and audit the changes performed by the users in MDF change history sections or audit the employee profile page changes.
Please note that , any report that is generated should be reviewed within next 48 hours from the job successful notification. Otherwise, the report will be purged from the system and the below message will be shown.
I hope this blog post would have helped you to understand more about “Change Audit reports” feature and its functionalities. This tool could be used across different Employee central and platform areas to audit the changes at both data and Configurational levels.
Audit reports can be generated for a maximum time period of only 7 days at a time. We may have to create multiple reports if our audit requirement is for more than 7 days.
Some types of change audit data can take up to 72 hours to be made ready for reporting. Solutions impacted by this delay include: Compensation , Performance & Goals , Succession & Development (except Mentoring), Employee Profile, User Management, Proxy Management, and Role-Based Permissions
Audit reports are automatically purged after 48 hours. So, if we miss to download the report within 48 hours, then we may lose the report and have to generate again.
Storage limit for reports are exactly 1 GB
Field values in change audit reports can’t be more than 4000 characters. Longer values are truncated.
Hari: Great stuff, here. Quick question, I have a client that is looking for an audit report on Provisioning Access (granted and accessed) for the duration of their contract. Would the steps listed in your blog(s) yield the info. they're looking for?
Thanks for your response.
The steps listed in this blog would give us only the changes performed by the login users during a time period. I would say this might not be a ready report to fulfil your requirement but can be used as a work around.
That is by entering a desired period , you can fetch the login user info on that particular period and this way you might fetch the details of all those who have logged in during the contract period.
Also, you can navigate to "Manage Provisioning Access" from Admin center to Add/Remove or view user's access to provisioning, but even in here we don't have the option to filter out based on some time period.
Thanks for the response and guidance. I believe there's an ISO certification driving this ask. Time periods will become the main issue.
I believe that operations can deliver reporting for lengthier time periods. I'll be traveling that route, shortly.