Security Audit SmartObject

Use the Security Audit SmartObject to generate an audit log of all authorization framework security changes in your environment. You can, for example, use this SmartObject to generate reports for auditing, compliance or regulatory purposes. You must be a member of the Security Administrators role to execute methods of the Security Audit SmartObject. Find this SmartObject in the Designer at All Items > System > Management > Security > SmartObjects > Security Audit, and in Management at Categories > System > Management > Security > SmartObjects > Security Audit.

Do not modify System SmartObjects in any way. These SmartObjects are used internally by the product, and software updates may modify these SmartObjects, undoing your changes. If you wish to modify a System SmartObject, create a copy of the SmartObject and edit the copy.


SmartObject Properties

| Name | Type | Description | Example Value |
| --- | --- | --- | --- |
| AuditID | Number | The unique ID of the audit item | 2269 |
| LogTimeStampUtc | DateTime | The time stamp of the audit log item, in UTC format | 2018-12-18T10:53:10 |
| ModifiedBy | Text | The user, group or role that made the security change | K2:DENALLIX\Administrator |
| ModifiedByType | Text | The identity type that made the change. Can be a User, Role or Group | User |
| AuditActionName | Text | The action that was performed on an object, class or identity. The possible actions are listed after this table | Register |

The following actions can be performed:

| Action Value | Action Name | Description |
| --- | --- | --- |
| 0 | None | No action or an unknown action |
| 1 | Register | An entity was registered |
| 2 | Deregister | An entity was deregistered |
| 4 | Grant | An identity was granted rights on an entity |
| 5 | Deny | An identity was denied rights on an entity |
| 6 | Revoke | An identity's rights were revoked on an entity |
| 31 | UpdateName | An entity's name was updated |
| 32 | UpdateClass | An entity's class was updated |
| 33 | UpdateParent | An entity's parent was updated |
| 34 | UpdateInherit | An entity's inherit flag was updated |
| 35 | UpdatePropagate | An entity's propagate flag was updated |
| 36 | UpdateOwner | An entity's owner was updated |
| 37 | UpdateActionMask | An entity's action mask was updated |
| 38 | UpdateDisplayName | An entity's display name was updated |

  • The audit entry always refers to a class, but if it refers to an object as well, the action pertains to that object.
  • If an action refers to an identity (Grant, Deny and Revoke actions), the affected identity columns are populated for the entry; otherwise they are empty.
| Name | Type | Description | Example Value |
| --- | --- | --- | --- |
| ClassName | Text | The type of entity that the security action was performed against | Application |
| ClassID | GUID | The global unique identifier of the affected entity | 45d0bfee-408f-4762-b971-420b980b279 |
| ObjectName | Text | The name of the affected entity | Employees |
| ObjectDisplayName | Text | The display name of the affected entity | Workspace Registration |
| ObjectID | GUID | The unique ID of the affected entity | 45d0bfee-408f-4762-b971-420b980b279 |
| ActionName | Text | The name of the logged action performed | View Data |
| ActionID | GUID | The ID of the action in GUID format | 45d0bfee-408f-4762-b971-420b980b279 |
| AffectedIdentity | Text | The identity affected by the security change | Security Administrators |
| AffectedIdentityType | Text | The identity type of the identity affected by the security change | Role |
| Rights | Number | The Authorization right that was logged. Use the table below to identify which right was logged | |

| Right | Description | Rights Value | Hexadecimal Value |
| --- | --- | --- | --- |
| View | Allows you to see items at design time | 100671488 | 6002000 |
| Create | Allows you to create items at design time. | 16777216 | 1000000 |
| Modify | Allows you to update items at design time. | 268435456 | 10000000 |
| Modify + View | Allows you to update and view items at design time. | 369106944 | 16002000 |
| Modify + Create + Delete + View | Allows you to update, create, delete and view items at design time. | 520101888 | 1F002000 |
| Modify + Create + Delete + View + Execute | Allows you to update, create, delete, view, and execute items at design time. | 520102016 | 1F002080 |
| Execute | Allows you to use items at runtime. | 128 | 80 |
| Delete | Allows you to delete items at design time. | 134217728 | 8000000 |
| Security | Allows you to administer security. | 281474976710656 | 1000000000000 |
| Security + View | Allows you to administer security and view items at design time. | 281475077382144 | 281475077382144 |
| Read (RLS) | Read right used in Authorization | 2 | 2 |
| None | No rights | 0 | 0 |
| All Rights | Allows you to perform any action. | -1 | FFFFFFFFFFFFFFFF |

A rights value can be a combination of values, for example, Create and Execute rights are 16777216 + 128.
The easiest way to see which values combine to give the rights value is to convert the value to hexadecimal. For example, the combination of Create and Execute rights is 16777344, which in hexadecimal is 1000080.

AuditEntry (Memo): The AuditEntry represents all the return properties as a single line of text. It contains all of the information for a single log entry (AuditId, LogTimestampUtc, etc.) as JSON-formatted text. Example value:

{"AuditID":2322,"LogTimeStampUtc":"2018-12-14T05:43:33.727","ModifiedBy":"K2:DENALLIX\\BOB",
"ModifiedByType":"User","AuditActionName":"Register","ClassName":null,"ClassID":"3edb0c3c-07e2-45a8-b254-c62ada5ff90f",
"ObjectName":"Employees","ObjectDisplayName":null,"ObjectID":"d7c69dd4-5273-4fc9-ba05-54c8bddaeefa",
"ActionName":null,"ActionID":null,"AffectedIdentity":null,"AffectedIdentityType":null,"Rights":null}

List_AuditEntry_ (Memo): The List_AuditEntry_ is all the return properties for all the returned log entries (more than one AuditEntry value) combined as a single JSON-formatted line of text. Example value:

{"AuditID":2322,"LogTimeStampUtc":"2018-12-14T05:43:33.727","ModifiedBy":"K2:DENALLIX\\BOB",
"ModifiedByType":"User","AuditActionName":"Register","ClassName":null,"ClassID":"3edb0c3c-07e2-45a8-b254-c62ada5ff90f",
"ObjectName":"Employees","ObjectDisplayName":null,"ObjectID":"d7c69dd4-5273-4fc9-ba05-54c8bddaeefa",
"ActionName":null,"ActionID":null,"AffectedIdentity":null,"AffectedIdentityType":null,"Rights":null}

SmartObject Methods

The Security Audit SmartObject includes the following methods:

| Method | Description | Properties |
| --- | --- | --- |
| List | Lists all the properties and their values of the SmartObject | AuditID, LogTimeStampUtc, ModifiedBy, ModifiedByType, AuditActionName, ClassName, ClassID, ObjectName, ObjectDisplayName, ObjectID, ActionName, ActionID, AffectedIdentityType, Rights, AuditEntry, List_AuditEntry_ |
| List To Serialized Item | Lists all properties in a serialized format | AuditEntry |
| Read to Serialized Item | Reads all properties in a serialized format | List_AuditEntry_ |
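
The following is an added example, not part of the product documentation: it splits a Rights value into the named rights from the Rights table and scans AuditEntry JSON for Grant actions that include Security or All Rights. It assumes Rights is a JSON number when populated; the function names and sample entries are constructed for illustration.

```python
import json

# Single-right masks from the hexadecimal column of the Rights table.
RIGHTS = {
    "Security": 0x1000000000000, "Modify": 0x10000000, "Delete": 0x8000000,
    "View": 0x6002000, "Create": 0x1000000, "Execute": 0x80, "Read (RLS)": 0x2,
}

def decode_rights(value):
    """Split a Rights value into the named rights it combines."""
    if value is None:
        return []
    if value in (-1, 0xFFFFFFFFFFFFFFFF):
        return ["All Rights"]
    if value == 0:
        return ["None"]
    names, remaining = [], value
    for name, mask in RIGHTS.items():
        if value & mask == mask:      # View spans several bits, so compare the whole mask
            names.append(name)
            remaining &= ~mask
    if remaining:                     # bits the table does not name
        names.append("Unknown(0x%X)" % remaining)
    return names

def privileged_grants(audit_entries):
    """Return Grant entries that hand out Security or All Rights."""
    findings = []
    for raw in audit_entries:
        entry = json.loads(raw)
        rights = decode_rights(entry.get("Rights"))
        if entry.get("AuditActionName") == "Grant" and {"Security", "All Rights"} & set(rights):
            findings.append((entry["AuditID"], entry["ModifiedBy"],
                             entry["AffectedIdentity"], rights))
    return findings

# Constructed AuditEntry values (only the fields used here); IDs and identities are made up.
SAMPLE = [
    r'{"AuditID":9001,"ModifiedBy":"K2:EXAMPLE\\alice","AuditActionName":"Register","AffectedIdentity":null,"Rights":null}',
    r'{"AuditID":9002,"ModifiedBy":"K2:EXAMPLE\\alice","AuditActionName":"Grant","AffectedIdentity":"K2:EXAMPLE\\bob","Rights":16777344}',
    r'{"AuditID":9003,"ModifiedBy":"K2:EXAMPLE\\alice","AuditActionName":"Grant","AffectedIdentity":"K2:EXAMPLE\\bob","Rights":281475077382144}',
]

if __name__ == "__main__":
    for finding in privileged_grants(SAMPLE):
        print(finding)
```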

Example: using the Security Audit SmartObject

You can create a list view in the Designer to build a re-usable View and Form to list security audit events, or execute the Security Audit SmartObject in Management to list security changes in your environment.

In the Designer, generate a list view of the Security Audit SmartObject and run the view to view the audit log.

In Management, execute the List, List To Serialized Item, or Read to Serialized Item methods to view the audit log.

Considerations

  • There is no retention policy applied to the audit logs captured by the Security Audit SmartObject. Audit log information is retained indefinitely in your SQL database. If you want to remove the audit log information, contact Nintex Customer Central for further assistance.
  • Audit log information is stored in your SQL database, not in files. If your database begins to run out of disk space and you want to free up space by removing audit log information, contact Nintex Customer Central for further assistance.
  • The Security Audit SmartObject only stores security changes set from the authorization framework.