Knowledge Base

Access Management

Deep Dive Articles

Audit Trails - A Deep Dive

Overview

Audit Trails capture and store logs of all activities performed within the OvalEdge application. The Audit Trails provide information about the events that have occurred in the system, including details on which user performed a specific activity and when it took place. It enables tracking of modifications made to the data catalog and governance catalog objects, user login details, updates to governance roles, and updates to reference data management and lineage activities.

Accessing Audit Trails:

The Audit Trails are part of OvalEdge's Administration module. Only users assigned with the default role of Admin (ovaledge.role.admin) in OvalEdge's System Settings have the privilege to view the captured information within the Audit Trails.

Audit Trails Tabs:

Users: Displays login and logout details for each user, along with updates to their roles.
- Logins: Displays information about the user's login and logout times, duration, status (success/failed), and IP address. Administrators can track the number of users and time spent on the OvalEdge application.
- User Roles: Displays information about user roles added or deleted for a particular user. Administrators can track which user roles have been applied to users and by whom.
Catalog: Displays an audit of all changes, including additions, updates, deletions, or audits of Terms, Tags, Data Objects, Codes, Custom Fields, and Descriptions.
- Terms: Displays the changes (additions, updates, and deletions) made to terms associated with a specific data object along with the corresponding individual responsible for the update of the data of that change.
- Tags: Displays the changes (additions, updates, and deletions) made to tags associated with a specific data object along with the corresponding individual responsible for the update of the data of that change.
- Data Objects: Displays the changes made to data object governance roles. When a data object is crawled, it undergoes auditing due to its association with a governance role. In addition, if someone updates the governance role for the object, it is audited.
- Codes: Displays details of queries executed and downloaded in the OvalEdge application.
- Custom Field Values: Displays the information about creating and updating custom fields. It helps users understand the details of a custom field added to a data object.
- Custom Object Definition: Displays the information about creating and updating custom objects. It helps users understand the details of code, text, and date custom fields added to a data object.
- Description: Displays the information about creating, and updating descriptions. It helps users understand the details of business, technical, and source descriptions added to a data object.
Connectors: Displays details of a connector when a user sets up, deletes, or modifies a connection.
Governance Catalog: Displays an audit of all changes, including additions, updates, deletions, or audits of Tags, Terms, and Domains.

Reference Data Management: Displays detailed instances of when a Reference Data (RD) unit or its attributes were added, updated, or deleted in OvalEdge.
Lineage: Displays detailed instances of the Source Object, Lineage Direction, Target Object, Action, Lineage Source, Lineage Version, Dataset Version Modified, and Modified by.

Users

The User Audit Trails record activities related to user logins and role changes.

Logins

OvalEdge accurately logs every login attempt, capturing both successful and unsuccessful activities. "Logins" provides key details about user logins, including:

User Name: The names of users who successfully logged into the OvalEdge Application.
IP Address: The IP Address of the device or system from which the login originated.
Login Time: The exact timestamp when the user initiated the login process.
Logout Time: The timestamp when the user logs out of the OvalEdge application.
Duration: Records and displays each user's session duration in the OvalEdge application.
Login Status: Indicates whether the login attempt was successful or unsuccessful.

Example: On December 2, 2023, at 11:41:22 am, User Peter Scot logged into the OvalEdge application. He subsequently logs out at 12:12:10 PM. The audit trail for logins includes the following information:

User Name	IP Address	Login Time	Logout Time	Duration	Login Status
Peter Scot	123.12.124.14	11:41:22 am	12:12:10 PM	00:30:48	Success

Below is a sample screenshot featuring Audit Trails > User's Login information for your reference.

Note: The results can be sorted/filtered by User Name, IP address, Login Time, Logout Time, and Duration in both ascending and descending order.

User Roles

In OvalEdge, user roles play a central role, and any modification to these roles whether it involves adding, updating, or deleting roles for a user is meticulously captured. This comprehensive logging system not only records role changes but also captures other important activities, including

User Name: The username of the user on whom the role change has occurred.
Updated Roles: The specific role on which the update has taken place.
Updated By: The specific user responsible for making the change.
Last Updated Date: The timestamp indicates when the action took place.
Action: Specifies the action that occurred, whether it's an addition or deletion.

Example: In the OvalEdge application user Peter Scot initially assigned the OE_ADMIN and Author_Role, made changes to his roles on December 2, 2023, at 12:43:45 PM with OE_PUBLIC, and Deleted the Author_Role. The audit trail for user roles includes the following information:

User Name	Updated Roles	Updated By	Last Updated Date	Action
Peter Scot	OE_PUBLIC	Peter	2023-12-02 12:43:45 PM	ADD
Peter Scot	Author_Role	Peter	2023-12-02 12:43:45 PM	DELETE

Below is a sample screenshot featuring Audit Trails > User's Roles information for your reference.

Note: The results can be sorted/filtered by User Name, Updated Roles, Updated By, Last Updated On, and Action type.

Catalog

The Catalog Audit Trails showcase actions related to Terms, Tags, Data Objects, Codes, Custom Fields, Custom Object Definitions, and Descriptions.

Terms

In OvalEdge when a term is associated or disassociated from a data object such as Schema, Table, Table Column, File, etc., the system meticulously records and displays the following details:

Object Name: The specific data object where association or dissociation occurred.
Data Object Type: The specific type of Data object, such as Schema, Table, Table Column, File, etc., on which association or dissociation has occurred.
Term: The name of the term involved in the association or dissociation.
Action: Indicates whether an association has occurred (indicated with "Add") or if a dissociation has occurred (indicated with "Delete").
Updated by: The specific user who made the change.
Audit Date: Specifies the timestamp of when the action took place.

Example: In the OvalEdge application user Peter Scot associated the term "100% marks" (from the Education domain) with the IPEDS report and removed the term "School" (from the Education domain) from the data object "Student_Identifier Table Column" on December 2, 2023, at 06:20:40 PM. The audit trail for terms includes the following information:

Object Name	Object Type	Terms	Action	Updated By	Audit Date
IPEDS	Report	Education.100% Marks	ADD	Peter.scot@ovaledge.com	2023-12-02 06:20:40 PM
Student_identifier	Table Column	Education.School	DELETE	Peter.scot@ovaledge.com	2023-12-02 06:20:40 PM

Below is a sample screenshot featuring Catalog Terms information for your reference.

Note: Results can be sorted/filtered by Object Name, Object Type, Term, and Audit Date fields in ascending or descending order.

Data Objects

The Data Objects tab provides detailed information about changes made to data object governance roles. When a data object crawls, it is automatically audited due to its association with a governance role. Similarly, if the governance role for the object is updated further, these changes are also audited and displayed with the following information:

Connector Name: The name of the connector on which the action occurred.
Data Object Type: The specific type of data object, such as Schema, Table, Table Column, File, etc., where the change has occurred.
Object ID: The unique ID of the specific data object.
Object Name: The specific name of the object where the change occurred.
Action: Captures the action that took place, with "INSERTED" indicating changes during crawling and "UPDATED" for subsequent updates.
Owner From: Specifies the existing owner of the data object (Governance role user).
Owner To: Specifies the new owner of the data object (Governance role user).
Steward From: Specifies the existing steward of the data object (Governance role user).
Steward To: Specifies the new steward of the data object (Governance role user).
Custodian From: Specifies the existing custodian of the data object (Governance role user).
Custodian To: Specifies the new custodian of the data object (Governance role user).
Any Other Optional Governance Role From and To: Specifies changes to any optional governance roles defined.
Source: Specifies information about the source through which the action took place, whether it was through crawling or the catalog.
Updated By: The specific user who made the change.
Updated On: Specifies the timestamp of when the action took place.

Example: In the OvalEdge application if the owner of the "Cali vs Texas" report changed from Harry to Peter Scot by Scot on December 2, 2023, at 06:20:40 PM. The audit trail for data objects includes the following information:

Connection Name	Object Type	Object Id	Object Name	Action	Ownership Changed From	Ownership Changed To	Updated By	Updated On
Tableau	Report	1000	Cali vs Texas	UPDATED	Owner	Peter Scot	Peter scot	2023-12-02 06:20:40 PM
Tableau	Report	1000	Cali vs Texas	DELETED	Owner	Harry	Peter scot	2023-12-02 06:20:40 PM

Below is a sample screenshot featuring Audit Trails > Data Objects for reference.

Codes

The Codes tab captures and presents detailed information about query execution and downloads within the Query Sheet of the OvalEdge application with the following details.

Code Name: The code name where the action occurred.
Code: The actual code where the action occurred.
Downloaded: Indicates whether the code was downloaded by the user, with options for "Yes" or "No."
Execution User: The name of the user who ran the code.
Execution Type: The type of execution that occurred, such as SQL, trigger, procedure, etc.
Execution Date: Specifies the timestamp of when the action took place.

Below is a sample screenshot featuring Audit Trails > Codes for reference.

Custom Field Values

The Custom Field Values tab in OvalEdge captures and presents detailed information about custom field creation, update, and audit. This information helps users understand the specifics of a custom field added or updated to a data object. The following details include:

Custom Field Type: The type of custom field, whether Text, Number, Code, or Date, on which the action occurred.
Custom Field Name: The name of the custom field where the action occurred.
Object Name: The specific name of the object on which the change occurred.
Object Type: The specific object type, such as Schema, Table, Table Column, File, etc., on which the change occurred.
Action: Indicates whether the action involves the addition, update, or deletion of the custom field value.
Changed Value: Specifies the value of the custom field changed.
Updated by: The specific user who made the change.
Audit Date: Specifies the timestamp of when the action took place.

Below is a sample screenshot featuring Audit Trails > Custom Field Values for reference.

Custom Object Definition

The Custom Object Definition tab captures and provides information about custom object creation, update, and audit. It aids users in understanding the details of code, text, and date custom fields added to a data object, offering the following information:

Custom Field Type: Specifies the type of custom field, such as Text, Code, Number, or Date.
Custom Field Name: Represents the name of the custom field where the action occurred.
Object Type: Indicates the type of data object (Schema, Table, File, Report, etc.) on which the custom field is defined.
Action: Indicates whether the custom field object was added, updated, or deleted.
Changed Element: Specifies the particular element type where the change occurred. This includes the name of a custom field, the option of enabling or disabling, making the custom field editable in UI, editable in API, and LMDF (Load Metadata From Files).
Connector ID: Represents the ID of the connector on which the change occurred.
Updated by: Specifies the specific user who made the change.
Audit Date: Specifies the timestamp of when the action occurred.

Below is a sample screenshot featuring Audit Trails > Custom Object Definition for reference.

Description

The Description tab captures and displays information about description creation, updating, and auditing. It facilitates user understanding of the specifics related to business, technical, and source descriptions added or updated for a data object, providing the following details:

Object Name: Specifies the name of the specific object on which the change occurred.
Object Type: Indicates the specific object type, such as Schema, Table, Table Column, File, Term, etc., on which the change has occurred.
Source: Specifies the source through which the change was made (Data Catalog, LMDF, Service Desk, OvalEdge APIs).
Action: Captures whether a Business or Technical description was added or updated.
Description Type: Specifies whether the change involves a Business or Technical description.
Updated by: Specifies the specific user who made the change.
Audit Date: Specifies the timestamp of when the action took place.

Below is a sample screenshot featuring Audit Trails > Description for reference.

Connectors

The Connectors tab captures and presents details about the connector when a user establishes, deletes, or modifies a connection. It includes the following details:

Connector Name: Designates the name of the connector on which the change occurred.
Connector Type: Specifies the type of the connector, such as RDBMS, File, Reports, etc., where the change occurred.
Action: Describes the action performed on the connector, whether it is an Add, Update, or Delete action.
Updated by: Specifies the name of the user who made the change.
Audit Date: Provides the timestamp of when the action took place.
Created By: Indicates the user who created the corresponding connector.

Example: In the OvalEdge application, if the S3 connection is established then the audit trail for connectors includes the following information:

Connection Name	Connection Type	Action	Updated By	Audit Date	Created Date
S3	File	ADD	Admin	2023-12-20 06:41:24 PM	Admin

Below is a sample screenshot featuring Audit Trails > Connectors for reference:

Governance Catalog

The Governance Catalog tab captures and displays instances when a Tag, Term, or Domain is created, updated, or deleted in OvalEdge. The details are as follows:

Tags

In the Tags tab, actions are captured when a role with the configuration "ovaledge.tag.role," such as Tag Admin, or Default Role Admin ("ovaledge.role.admin"), creates, updates, or deletes tags through the OvalEdge UI Tags, APIs, or Load Metadata From Files modules.

Additionally, it records actions when the default Role Admin ("ovaledge.role.admin") creates a DAG.

Tag: The name of the tag on which the action took place.
Type: Specifies the type of tag (Tag, DAG).
Action: Captures and displays the action that took place (Tag Added/Updated/Deleted).
Action Details: Displays the additional information, such as tag name updates, tag type updates, etc.
Updated by: Displays the specific user who made the change.
Audit Date: Provides the timestamp of when the action took place.

Example: In the OvalEdge application the user Peter Scot created a tag “Marketing”, and then deleted the same tag on December 2, 2023, at 06:20:40 PM. The audit trail for Governance Catalog-Tags includes the following information:

Tag	Type	Action	Action Details	Updated By	Audit Date
Marketing	Tag	ADD	Marketing tag Added	Peter.scot	2023-12-02 06:20:40 PM
Marketing	Tag	DELETE	Marketing tag Deleted	Peter.scot	2023-12-02 06:20:40 PM

Below is a sample screenshot featuring Audit Trails > Governance Catalog > Tags for reference

Terms

In the Terms tab, actions are captured when a role with Meta Write access on a specific domain creates, updates, or deletes a term through Business Glossary, OvalEdge API, or Load Metadata From Files (LMDF). It includes the following details:

Term: The name of the term on which the action took place.
Action: Captures and displays the action that took place (Term Added/Updated/Deleted).
Action Details: Displays the additional information, such as term name updates, etc.
Updated by: Displays the specific user who made the change.
Audit Date: Provides the timestamp of when the action took place.

Example: In the OvalEdge application the user Peter Scot created the term “Production”, and then deleted the same term on December 2, 2023, at 06:20:40 PM. The audit trail for Governance Catalog-Terms includes the following information:

Term	Action	Action Details	Updated By	Audit Date
Production	ADD	Production term Added	Peter.scot	2023-12-02 06:20:40 PM
Production	DELETE	Production term Deleted	Peter.scot	2023-12-02 06:20:40 PM

Below is a sample screenshot featuring Audit Trails > Governance Catalog > Terms for reference

Domains

In the Domains tab, actions are captured when a role with Domain creator configuration ("ovaledge.domain.creator") creates a domain or whenever a Security & Governance Admin (for the specific domain) updates/deletes a domain. It includes the following details:

Domain: The name of the domain on which the action has taken place.
Type: Specifies whether the domain is associated with the Governance Catalog or Data Story.
Action: Captures and displays details about if a domain was Added, Updated, or Deleted.
Action Details: Displays the additional details like New Category is added, Sub-Category is added, etc.
Updated by: Provides the specific user, who has made the change.
Audit Date: Provides the timestamp of when the action has taken place.

Example: In the OvalEdge application the user Peter Scot created a Banking Domain, and then deleted the same domain on December 2, 2023, at 06:20:40 PM. The audit trail for Governance Catalog-Domains includes the following information:

Domain	Type	Action	Action Details	Updated By	Audit Date
Banking	Governance_Catalog	ADD	Banking Domain Added	Peter.scot	2023-12-02 06:20:40 PM
Banking	Governance_Catalog	DELETE	Banking Domain Deleted	Peter.scot	2023-12-02 06:20:40 PM

Below is a sample screenshot featuring Audit Trails > Governance Catalog > Domains for reference:

Reference Data Management

The Referencing Data Management tab captures and displays events that occur when a Reference Data Admin (RD Admin) creates or deletes a Reference Data Unit or when it is updated by a Steward of the corresponding RD unit. It includes the following details:

RD Unit: The name of the RD unit where the change occurred.
Connector: The name of the connector to which the RD is linked.
Object Type: Specifies the type of object to which the RD unit is associated, such as a Table Column.
Attribute Name: Specifies the name of the attribute (equivalent to the name of the table column).
Action: Captures and displays details such as whether a specific Steward was added or updated, or if the title of the RD unit was changed.
From: Specifies the previous value of the attribute or RD unit.
To: Specifies the new value of the attribute or RD unit.
Updated By: Specifies the specific user responsible for the change.
Updated On: Provides the timestamp indicating when the action took place.

Below is a sample screenshot featuring Audit Trails > Referencing Data Management for reference

Lineage

The Lineage tab provides a comprehensive history of lineage activities. It provides insights into source and target objects, and actions performed, such as additions, updates, and deletions. The Default Role Admin can easily monitor the lineage's evolution, ensuring transparency and better understanding. It includes the following details:

Source Object: The name of the source object in the lineage.
Code: Captures and displays the code responsible for constructing the lineage.
Lineage Direction: Indicates the lineage direction based on the source or destination object (Upstream for Source and Downstream for Destination).
Target Object: The name of the target object in the lineage.
Action: Specifies whether the lineage was added, updated, or deleted.
Lineage Source: Captures and displays the type of source used in constructing the lineage, whether Manual, Auto, or API.
Lineage Version: The lineage version corresponding to the action (e.g., 1, 2, 3).
Dataset Version: The dataset version corresponding to the action (e.g., 1, 2, 3).
Modified On: Indicates the timestamp when the corresponding action took place.
Modified By: Provides the name of the user who performed the corresponding action.

Below is a sample screenshot featuring Audit Trails > Lineage for reference

Audit Trail Data Archival

For enhanced application performance, OvalEdge provides the flexibility to archive Audit Trail details through various methods. You can achieve this using the following options within the application:

Administration > Advanced Job - Audit Data Archival:

This feature enables the archival of Audit Trail data.

Administration > System Settings:

In the Administration > System Settings > Audit Data Archival section.

Users assigned with the default role of Admin (ovaledge.role.admin) in OvalEdge's System Settings can define an archival policy. This policy includes specifying the data retention period for archiving logs. The default retention period is set to 2 years for all the tables. Once the retention period for a particular dataset expires, it is automatically deleted. Users also have the choice to archive logs in either CSV or SQL format. The Audit Data Archival Configuration displays essential information such as current row count, days to retention, archive before deletion, CSV, SQL, and the last archive date.