difference bwteen sys_audit and sys_audit_delete tables

Abhilash Kethip
Tera Contributor

‎07-14-2025 12:21 PM

I know that sys_audit table stores the entries of changes in the audited fields across the tables. Can you explain what is the purpose of sys_audit_delete table? Also, what are the best practices around data retention? Do we have to use archival/purge rules or auto-flush or table rotation for these tables?

  • 1,393 Views
2 REPLIES 2

GlideFather
Tera Patron

‎07-14-2025 12:46 PM

Hi @Abhilash Kethip,

  • sys_audit:
    • audit records for changes to audited fields
    • e.g., who changed what and when
  • sys_audit_delete
    • audit records for entire deleted records
    • i.e., when an entire record is deleted, not just a field change.

 

The audit is not active always. To do it, navigate to System > Dictionary:

Screenshot 2025-07-14 at 20.39.47.png

 

  • Filter the records as per required table and field,
  • then select Type == Collection
  • Audit is true or false

 

Example: sys_user_group

KamilT_0-1752522076876.png

 

After I marked Audit as true, any change to the group records will be audited at sys_audit table:

KamilT_1-1752522154773.png

You can see that field Description was changed from XYZ to XYZ1, by a user kter, you can see when it was, number of change (first, second, ...) and also document ID is a sys ID to the record - the particular Group.

 

While the sys_audit_delete stores a list of records with details who deleted, when and info about the file - SAND... are records in my custom table, catalog_ui_policy_action...

KamilT_2-1752522278852.png

 

Here will be records from sys_user_grmember when you will remove somebody a role it will be auditable here. 

 

Please let me know if you want to know more details. If it helped you, please consider this accepting as solution to your question. Thanks"

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


kalpanashar
Tera Contributor

‎07-15-2025 01:32 AM

@Abhilash Kethip 

 

 

  • When a record is deleted from a table that has auditing enabled, an entry is created in sys_audit_delete.

  • It captures metadata such as:

    • Table name

    • Sys ID of the deleted record

    • User who performed the deletion

    • Timestamp

  • Unlike sys_audit, which tracks field-level changes, sys_audit_delete logs the fact that a record was removed, helping with accountability and traceability.

Data Retention Best Practices

 

 

  • Define retention durations based on business and compliance requirements

  • Use archiving to offload old records while keeping historical data accessible

  • Schedule purging to delete outdated audit data and improve performance

  • Configure automated retention jobs via System Archiving and Scheduled Jobs

  • Monitor table sizes and audit logs regularly to prevent unnecessary data accumulation

  • Use tools like Instance Scan and Table Management to identify optimization areas

  • Coordinate with legal and security teams to align data policies with regulations

  • Avoid over-auditing — enable audit only on fields critical for tracking

  • Document audit and retention policies clearly for future reference and audits

 

 

0 Helpfuls