ASPRunner Professional 7.1 manual - Audit and record locking

The Audit trail page allows you to define the audit settings and configure record locking.

You can record the user actions like login/logout/record editing/adding/deleting etc to a database or file. On default the action logging is disabled.

To enable logging:

1. Go to the Security page and click Audit trail.

2. Select where to log user actions:

·	Log to database. Select a log table. To create new log table, select <Create new> in Log table list box and enter the table name to the text box below, for example project1_audit.

Log to file. Enter the log file name, for example audit.log. The current date is added automatically to the file name and log file is stored as audit_yyyymmdd.log, for example audit_20091222.log. When specified as action.log, the log files will be stored into your project root folder. To change this enter the file name as <folder>/<file name>. For example, log/audit.log.

3. Select the Log login/logout actions and Lock user account after three unsuccessful logins check boxes to enable the corresponding actions. Note that Lock user account after three unsuccessful logins option is available only if you selected Log to database.

4. Select tables to which the user actions should be logged. You can log only modifications performed to the table records (e.g. action = add, key field = 10) or modifications and field values (e.g. action = add, key field = 10, field = color, new value = red). So select the corresponding check boxes in the Table modifications area.

5. Click Ok.

audit_log_setup

To analyze information from the log table, you can add report or chart to your project or use online report/chart builder.

Example of log file

Date Time IP User Table Action Key field Field Old value New value

Dec 23,2009 15:41:37 127.0.0.1 admin carsusers login

Dec 23,2009 15:41:48 127.0.0.1 admin carsbcolor edit 1 color Taffeta White1 Taffeta White

Dec 23,2009 15:42:26 127.0.0.1 admin carsmake delete 15 id 15

Dec 23,2009 15:42:26 127.0.0.1 admin carsmake delete 15 make Lexus

You can use record locking to prevent simultaneous update of the same data on the Edit page. A locked record means it is not available for editing by other users. On default the record locking is disabled.

To enable record locking:

1. Go to the Security page and click Audit trail.

2. Select the Enable locking check box.

3. Select a lock table. The lock table is used to store record locks. To create new lock table, select <Create new> in Lock table list box and enter the table name to the text box below, for example project1_locking.

4. Select tables to which the record locking should be applied. You need to select the corresponding check boxes in the Table modifications area under Record locking.

5. Click Ok.

audit_lock_setup

User who tries to edit a locked record would be shown the message that the record is locked.

audit_lock_ex1

Note: admin user is able to unlock a record if it was blocked for too long or take ownership.

audit_lock_ex2

If user goes to the Edit page and then clicks Back, it turns out that the record remains blocked. To prevent this, automatic unlocking method is used. By default, the record will be unlocked after 300 seconds. You can change this value by editing the file include/locking.asp:

this_object.ConfirmTime = 250

this_object.UnlockTime = 300

The variable ConfirmTime determines how often the Edit page sends confirmation that the record is still locked. The variable UnlockTime determines the time (in seconds) after the last confirmation when the record will be unlocked automatically.

audit