Restricted audit logs for sensitive data
You can restrict access to the audit logs of users who work on sensitive data. This requires changes to the user accounts of those who work on sensitive data and to the user accounts of those authorized to view restricted audit logs.
Before you begin
Users who do not have access to restricted audit logs can still view the audit history of any record accessible to them, but they cannot see any of the changes made by users with restricted audit logs. Users who generate restricted audit logs cannot view the restricted audit logs of other users.
Note: You can also prevent users from viewing the history of entity and link records by denying access to the History button. To do this, turn on the View history check box in the System Commands Access Control dialog.
For each user who works on sensitive data:
- In iBase Designer in the Security Manager, edit the account of the user whose audit log you want to restrict.
- On the Account page of the User dialog, turn on Restricted Audit Log.
Note: By default, system administrators do not have permission to view restricted audit logs. They must be granted this permission like other types of user.
Procedure
To grant permission to view restricted audit logs, you need to create a new Database Management group that includes the Audit Administrator role, or edit an existing group. For example: