What are the popular Dynamics AX reports for auditing and security management?
By Dennis Korol, Product Manager, Arbela Technologies
Auditors and security administrators rely heavily on reporting data to ensure compliance. Arbela Auditing & Security Manager solution already comes with several out of the box reports that provide all the information you will need for auditing and security.
The most popular reports are:
- Segregation of Duty Rules
- Security and User change logs
- Data and Access Inquiries
- Roles and permissions
Segregation of Duty Rules Report
The segregation of duties (SoD) report is a useful tool which will display the rules, their active dates, the level of security risk, mitigation of how to handle the violation and the security objects that can cause the violation. We also have options for you to manually set up which criteria this report can filter by such as severity, company or rule name.
User Change Log
Another report that is commonly used is the user change log which shows changes made to a user’s Role assignment. For example, if you wanted to see which user made changes to a role, the User Change Log report will give you a detailed breakdown. You can see the modified user, changes made, affected role, the user who made the change, and the date and time the change was made.
Security Change Log
The security change log is a great report that can track changes made in the backend to the security model. If you are interested in monitoring security changes to what a user has done such as: creating a new role, deletion, adding access to a field. The Security Change Log report will provide you data capturing at all levels. With this you will can view the created date and time of the change, the user name of the affected role making the revision, and what was done to the role such as modifications to duties, privileges and the type of action made.
The data monitoring log displays the output that is captured from the Data Monitoring Rules. Each time a tracked field is edited; a new record will be saved in the data monitoring log. The log captures changes made at any level and will provide detailed and comprehensive data. This is a great tool as it also allows you to monitor possible intrusions done outside of your Dynamics AX system in the case of hacking or fraud. You will easily be able to identify if the change was made in SQL, inside of AX or by a third party.
The form contains the columns below:
- Date and time of the data change
- User who made the data change
- Indication of data changes that were made to Dynamics application or in SQL
- Legal entity in which the change was made
- Label name of the table
- Field name: Application object tree (AOT) name of the field
- label name of the field
The Access Monitor is a detailed view that captures the users who were found to have violations of an access level of any object specified in rules. For example, if we say that a high risk can exist for all users when they have access to confirming purchase orders, we can check those users currently exposed to that risk. Essentially, the Access Monitor will let us identify the users and roles that have access to the defined capabilities.
Roles and Permissions
You can use Duties and Privileges to visualize Duties and the Permissions assigned to them. This report also contains the AOT name of each duty and privilege, module, menu path, and types of access outlining the permission for each privilege