Time to catchup again 😁😎
Why the HR data needs auditing?
Managing HR data is very challenging both legally and ethically. HR team needs to understand the existing policies and proven processes whilst using the concerned data in their processes as it quite obvious that employers generally have greater obligations from GDPR (General Data Protection Regulation). So at any given point of time, HR team should be able to give justifications to the employer (if required) on:
- What data has been created/updated/deleted?
- Who has access to the data?
- What procedures are taken to restrict the data thereby keeping it safe?
- How long the audit data can be retained?
What D365HR can offer as of now?
Security roles, anyways, provides the access that is defined for. Another basic expectation from any ERP application, is its capability to provide audit logs for a record at any given point of time.
Currently D365HR provides basic information of the record like when it has been created/modified and who has created.
Note: If you click Database log instead of show all records, then system will throw error message: “You don’t have the required permissions to open this page. Please contact your system admin.” This feature is not available directly.
Highlighted section in the above screenshot shows who has created or modified the record and when it has been modified. This is available for the parent entity of the form.
This is the basic audit data that D365 HR provides to the users for any form or list page that is available. The below audit trail is still missing from the system:
- Detailed level of tracking — System cannot track what data has been modified and cannot give information like what is its previous value
- Child entity tracking cannot be enabled — The above screenshot is applicable for the changes in a worker entity. But if the address or contact info or financial dimensions are changed, system cannot provide information.
Database logging feature in D365HR
Provides a detailed and flexible audit trail for configured fields in Human Resources.
Any insert, update or delete you do for any sensitive information can be tracked now with the new feature. This database logging feature is already available in D365 Finance and Operations from long time. It was just missing in D365 Human Resources.
What you can do?
- Enable tracking for any table or any field
- Enable transaction wise auditing, example: you can enable auditing either for insert or update or delete or rename or combination of these too
What is the impact of using this feature?
- Expensive and require additional maintenance. System recording log for any kind of transaction means the database log table can grow quickly and cause an increase in the size of the database. The amount of growth depends on the amount of logged data that you decide to retain. As the log occupies your licensed quota, you need to increase it as and when required in the long run.
First thing to do!!
In order to create table level and field level database auditing, you need to enable the preview feature first.
HR team need to identify:
- For which records, the log has to be collected?
- For how long, the data needs to be retained?
For this article, I will show how to track the log for a specific field “Birth date”. You need to know in which table and the name of the field before you can enable it. You can find this info from right click and form information as shown below:
Final step, setup database log in D365HR
Once the above step is done, we need to enable the respective tables and fields to log the transactions.
Go to System administration > Links > Database > Database log setup
Click New and system will open a wizard as shown below:
Click on Next.
In the next screen, enable Show all tables and show table names as shown below. You can see the required table name and can expand to select the required fields.
If you select the complete table, every field that has been entered or updated will be tracked. Since we want to track birthdate only for this post, you need to expand the table and should select the required field as shown below and click on Next.
Track new transactions and Delete are not enabled here (as they will work for create or delete buttons, if a record based log needs to be maintained) and hence I have selected Update column. Click Next.
Click Finish and the setup is completed for the field Birthdate.
Let’s do some transactions
For a worker record, lets enter birthdate >> Save the record >> Change the birthdate again >> save the record.
You can verify the log by selecting the worker for whom the birthdate has been changed, by clicking on options > record info > database log as shown below:
If you want to see all the log details for all the workers at one place, you need to search for database log form in the search box as shown below. Unfortunately, direct form is not yet placed in system administration but can be searched and opened from below:
Open the form and you can see below:
Select the record under overview and click history tab as shown above, system will show you:
- What value was changed? — New value and previous value
- What kind of change? — Type of change is Update
- Who has changed? — The user id of the employee who updated, has been recorded
- When it was changed? — Modified date and time have been logged.
I have given just a sample example and steps on how to do that. You can explore for more scenarios.
How long you can retain the log?
You can clean-up the log either by manually or by scheduling a job that runs at periodic basis.
This feature will benefit you in tracking audit trails of the records and helps you in strict monitoring to see if your employees are adhering to the streamlined data entries and give you the statistics of who is frequently modifying the data or deleting the data etc.