The Auditing Framework in SAP BusinessObjects Enterprise has grown by leaps and bounds with each new version. The XI Release 2 version was rudimentary. The XI 3.x version was actually quite useful. Now, with the new BI 4.0 version, auditing is essential in understanding how your Business Intelligence architecture is being utilized. Without it, you're flying blind.
I'm really happy with it, since, as a support guy, I'm thinking it's going to make my job a
lot easier.
New Auditing Features
There's tons of enhancements to the auditing framework - you can read about it in the
Administrator's Guide.
I'll briefly describe what I find the most interesting - from a custom coder perspective.
Each auditing event entry in the ADS_EVENT table has a Action_ID value. As documented, this ID is 'A unique identifier that can be used to tie together a sequence of events initiatedby a single user action'. So say a user clicks refresh on a dashboard, that then in turn refreshes a Web Intelligence document contained within. The Action_ID will tie this cascade of events across multiple services back to the initiating user action. In previous version, it was difficult to determine, looking at an auditing event for a document refresh, what exactly triggered the refresh request. Not anymore!
In support, we spend appreciable time tracing back auditing and tracelogs, comparing timestamp values, just to infer this info. Like I said, this new auditing feature is going to make my job a lot easier.
But what if the event was trigged by a custom application that uses the SAP BusinessObjects Enterprise SDK? In previous versions, custom apps just weren't within the purview of audited events. Not anymore!
If you look at the ADS_EVENT.CLIENT_TYPE_ID column, those values are CUID representing the application that invoked the event. If you link that column to ADS_APPLICATION_TYPE_STR.APPLICATION_TYPE_ID, and print out the ADS_APPLICATION_TYPE_STR.APPLICATION_TYPE_NAME, you'll see values like 'BI Launchpad', 'CMC', 'Web Intelligence', etc. This is the way to simply determine which client application requested the service that triggered the auditing event.
Custom Code and the Auditing Framework
But what of custom applications? If you full-scan the ADS_APPLICATION_TYPE_STR, you'll see interesting values for the APPLICATION_TYPE_NAME: 'Custom Application 1', Custom Application 2', etc, all the way up to 'Custom Application 25'.
Those 25 CLIENT_TYPE_ID values have been reserved specifically for custom applications. If you look in the SAP BusinessObjects Enterprise Java SDK
Developer's Guide, you'll see all the custom application CUIDs listed:
CUID |
Application Name |
---|
AZ4HLbS0loRMpE2twk442RU |
Custom Application 1 |
AR6QLgQwJjxElm502FT_b4A |
Custom Application 2 |
AWYcldOex_tAodjJRrlogIk |
Custom Application 3 |
ASahxem3v_xGjXsQKQaskyk |
Custom Application 4 |
AbKQQkLhQ9RKpbMEV7DECkc |
Custom Application 5 |
AcBrUi5J0rVCiFZ.M35hCYM |
Custom Application 6 |
Afbw5UJ0UYdJlNbhDusG1mc |
Custom Application 7 |
AT084MQMNHlIs1fUB9Y4x8k |
Custom Application 8 |
AT0F5dLN5rZJq9IuT7pILTU |
Custom Application 9 |
AXKjeUbzVq1Gm9XS4klF1Ho |
Custom Application 10 |
ARc7Bcof_V1JpaH.LaBmKMM |
Custom Application 11 |
AZFkpRO4waBGvZNBt4R85YY |
Custom Application 12 |
AZETCpaYYmRIingE_hCnWFw |
Custom Application 13 |
ARAGSiINlAtMvkpuANjWU6I |
Custom Application 14 |
AcfWGfuiPeREmYs3drOx0sQ |
Custom Application 15 |
AUKOYrZfNBpNimTvy.m_WxU |
Custom Application 16 |
Acdt0d02A6VNq3o8DWHWpH8 |
Custom Application 17 |
ASRvlZ.mkeVJrhmSxnCqFb8 |
Custom Application 18 |
AXydQKHjGVROt_8czecFvxE |
Custom Application 19 |
Ae25eOj9rcFMj31xm.i_5U8 |
Custom Application 20 |
AU0U6l7_vcJKsSBk8eZBQBM |
Custom Application 21 |
AUPgOLoPl9JGl5M19R1SeXw |
Custom Application 22 |
Aa7yGnOcE1pPmfkDuxznG7U |
Custom Application 23 |
AQ8m0QHV9LNArZcRo6a2xuM |
Custom Application 24 |
ASyT3vZzFuZKkE7iXkp_tuI |
Custom Application 25 |
Registering your custom app to register itself as one of these client IDs is quite simple. There's a new logon method, ISessionMgr.logonEx(String username, String password, String cmsname, String authtype, IEnterpriseLogonInformation logonInformation) that accepts a IEnterpriseLogonInformation instance. By specifying the ClientType bean for the IEnterpriseLogonInformation, subsequent actions taken by the generated EnterpriseSession will be audited under that CLIENT_TYPE_ID value. For example, the following code snippet:
Log on code snippet registering app under Custom Application 13
registers the EnterpriseSession as 'Custom Application 13', and any subsequent actions triggered via this EnterpriseSession will cause an audit event with CLIENT_TYPE_ID equal to "AZETCpaYYmRIingE_hCnWFw".
For any new development work with SAP BusinessObjects Enterprise BI 4.0 using the Enterprise SDK, I strongly encourage you to register your application with the auditing framework. It'll be a good idea to conference in all interested developers within your organization, and ensure each of the 25 custom application slots are used uniquely by each separate custom apps being developed.
And not just because it'll make my job troubleshooting workflow issues on client deployments that much easier
🙂
Conclusion
The new auditing framework allows for auditing events triggered by users using custom code. I highly recommend its use.