Exclusion List Auditing: Activating and Deactivating Auditing for Specific Tables or Fields

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-28-2024 10:46 PM
In a standard out-of-the-box ServiceNow instance, the system comes pre-configured to audit certain tables and fields. However, there may be times when you need to turn off auditing for specific tables or fields, or conversely, enable auditing where it wasn't previously set. This article will guide you on how to activate or deactivate auditing for particular tables or fields.
The system supports two primary mechanisms for auditing a specific table: inclusion list auditing and exclusion list auditing. In inclusion list auditing, you specify which fields in a table should be monitored for changes. In contrast, exclusion list auditing sets up auditing for all fields, with exceptions for specific fields that you choose not to audit.
The standard auditing mechanism records changes in the value of a field within a specific table in auditing tables like sys_audit.
For example, if auditing is enabled for the State field on the Incident table, changing the value of the State field in an Incident record would generate an audit entry that looks something like this:
This article breaks down the general steps for auditing specific fields or tables, but let’s be real—sometimes you want to spice things up with a **table auditing inclusion list**. Inclusion list auditing is your go-to when the admin wants to keep an eye on just a handful of fields in a table while ignoring the rest. Curious about how to set this up and make it work for you? Check out the Additional Information section for all the juicy details!
Procedure
Auditing can be activated or deactivated at both the field and table levels, providing flexibility in how you monitor changes within your ServiceNow instance. The following sections will guide you through the steps to modify the auditing options at the table level, which by default will enable auditing for all fields within that table. Additionally, we will cover how to manage auditing specifically at the individual field level within a particular table.
1. Configure Auditing for Individual Tables
You have the option to configure a specific table within your ServiceNow instance to globally audit all fields associated with that table. This setup ensures that all non-system fields are audited, allowing you to track any changes made. System fields are typically those that begin with the "sys" prefix and are generally excluded from auditing to streamline the process and focus on user-generated data.
To configure auditing for a table, you will need to follow these detailed steps:
-
Log into the Instance: Start by accessing your ServiceNow instance with an account that has administrative privileges. This is essential, as only users with the appropriate rights can make changes to auditing settings.
-
Navigate to the Dictionary: Once you’re logged in, head over to the System Definition section in the application navigator. From there, select Dictionary. This area contains all the records for tables and fields within your instance.
-
Filter the List: In the Dictionary section, you’ll see a list of records. To find the specific table you want to configure for auditing, utilize the filtering options available at the top of the list. Enter the relevant table name to narrow down the results effectively.
-
Check the Record Type: After locating the record, ensure that the Type field is set to Collection. This confirms that you have selected the correct table for which you intend to enable auditing.
-
If the Audit column isn’t visible in the list, click the gear icon to adjust the list settings and include the Audit field.
-
Once the Audit column is displayed, double-click on the corresponding cell for the record you wish to modify.
-
The field will then become editable. You can change the value to either true or false, depending on whether you want to enable or disable auditing for that table. Use true to turn on auditing for the selected table, or false to turn it off,
- After making the necessary selection, click the green check icon to save the change.
2. Configure Auditing for Individual Fields (Exclusion list Auditing)
Individual fields within a table can be configured to enable or disable auditing for any changes made to that field, utilizing either exclusion list or inclusion list auditing. In this section, we will focus specifically on the steps required to set up exclusion list auditing.
To quickly and efficiently configure exclusion list auditing for individual fields, follow these detailed steps:
- Log In to the Instance: Begin by accessing your ServiceNow instance using an account that possesses administrative rights. This is crucial because only users with the appropriate permissions can modify auditing settings.
- Navigate to the Dictionary : Once you’re logged in, utilize the Menu Navigator to browse to the System Definition section. From there, select Dictionary. This section houses all the records related to tables and fields within your instance.
- Filter the Records : After you enter the Dictionary area, you will see a comprehensive list of Dictionary records. To efficiently locate the specific table and field you wish to modify, use the filtering options available. Ensure you filter the search results to display both the Table name and the Field name (Column name field) for the specific table and field you want to adjust.
- Access the Field Record : Once you’ve identified the correct record for the selected field, click on the related link labeled Advanced view. This action will provide you with a more detailed display of the record, allowing for easier modifications.
- Locate the Attributes Field : Within the advanced view, look for the **Attributes** text box associated with this record. This field is where you will input the necessary parameters to configure auditing settings.
- Disable Auditing : To disable auditing for this field under an exclusion list auditing scheme, you need to add the text no_audit to the Attributes field. If there are already values present in this text box, make sure to place a comma after the last attribute before appending no_audit. This ensures that all attributes are properly separated. Conversely, if the Attributes field is currently empty, simply enter no_audit directly into the text box.
- Save Changes : After adding this attribute, it’s essential to click the Update button to save your changes. This action finalizes your configuration and ensures that the auditing settings for the specified field are applied correctly.
By following these steps, you will have successfully set up exclusion list auditing for your chosen field, allowing you to tailor the auditing process to better fit your organization’s needs. This level of control can enhance your ability to manage data integrity while minimizing unnecessary auditing overhead.
To enable auditing for a field that is currently set to not be audited on a table configured for exclusion list auditing, you can switch to inclusion list auditing. This approach allows changes to fields, such as those in the alm_asset table, to be captured. For more details on this method and to understand why the value (true/false) for the no_audit attribute is ineffective, refer to KB0869832 - [Auditing] New Audit Modes Introduced in [Istanbul] and How to Enable Auditing for a Table Set to [no_audit] Out-of-Box (OOB) Using the New Inclusion-List Audit Mode. This ensures that auditing remains intact after upgrades and continues to capture changes to the field.
Thank you for reading! If you found this article helpful, please consider liking, sharing, and bookmarking it for future reference. Your support helps us provide more valuable content. If you have any questions or need further assistance, feel free to reach out!
Regards,
Vaishnavi Lathkar
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-03-2024 11:36 AM
Hi @Vaishnavi Lathk ,
This a platform-related question. Please redirect this question to the platform community website here: https://www.servicenow.com/community/now-platform/ct-p/now-platform
Thank you,
Priscilla