Does the iBase Audit history feature record the changes made directly in the backend SQL server database

Troubleshooting

Problem

1.) An iBase database has had data (including SCC codes) manipulated in the back end SQL server database, not via iBase.

Is this recorded in Audit history?

2.) How can you determine if the record change was made in iBase or directly in SQL server?

(please note - all data manipulation should be via the iBase GUI; otherwise it could affect the supported status and integrity of the database)

Environment

This is using audit history and audit level 5 but please see

https://www.ibm.com/support/knowledgecenter/SS3J58_9.1.0/com.ibm.i2.ibase.admin.doc/controlling_what_is_audited.html

for more information on controlling what is audited

Resolving The Problem

1.) Audit history DOES record data manipulation/update/delete etc. in the backend SQL database, not just via iBase and this includes SCC codes.

2.) There IS also a way to determine if the change was made in iBase or direct in SQL server.

See below.

Screenshot of Audit history following a change made in the iBase application interface to an SCC security value on a person record (all data is fake data). The available SCC code values here are 1,2,3,4

So the iBase user, who has clearance to access the record, was able to change the SCC field, from a 2 to a 1

You can also see the end user (name hidden in screenshot) who made the change, the machine name they were on and the fact that the change was inside of iBase(because the iBase change column has a tick) and the edited by column has an iBase user specified

image-20190222103207-1

An edit was made in SQL server and we changed the same record and SCC value from 1 to 4 and then we exited SQL server

The change is visible in iBase on the person record - the security field is the last entry on the datasheet

image-20190222103548-2

Looking at Audit history the value change from 1 to 4 is recorded, but please note - the 'Edited by field' shows the SQL server User or OS user (name hidden in screenshot) that logged onto SQL server, (not an iBase user).

image-20190301094507-1

The 'OS user column' holds the same SQL server User or OS user. The Machine name is blank and the iBase change column doe NOT have a tick. All these are indicating the change has been made outside of iBase, direct in SQL server or by some alternative means.

The audit history recording of changes (inside and outside of iBase) , for non SCC codes is identical, just as comprehensive.

Related Information

Controlling what is audited

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSXW43","label":"i2 iBase"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Historical Number

TS001912412

Was this topic helpful?

Document Information

Modified date:
01 March 2019

UID

ibm10872872

Tips