Cant able to view audit history of user table

Mayuri Eklare
Tera Contributor

4 weeks ago

 

Hi Community , 

We want to enable the audit history for some user because , we haven't revoked the access for the user and we we can see updated by system , we want to check which has been done and who did the changes

Preview file
45 KB
0 Helpfuls
  • 828 Views
9 REPLIES 9

Ankur Bawiskar
Tera Patron

4 weeks ago

@Mayuri Eklare 

if this is sys_user form then OOTB sys_user table is not audited

Unless you enable it won't show audit history

Also remember even if you enable it will start showing from that time only when you enabled and not the earlier one

AnkurBawiskar_0-1768208992799.png

 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Mayuri Eklare
Tera Contributor
In response to Ankur Bawiskar

4 weeks ago

@Ankur Bawiskar We have checked from end we have enabled the audit history for sys_user table and made some changes in the table even though it is not capturing in the audit history

0 Helpfuls

Ankur Bawiskar
Tera Patron
In response to Mayuri Eklare

4 weeks ago

@Mayuri Eklare 

that related list seems to be a defined one.

did you check here how it's bringing the data and from where?

go here and open that and share config/script screenshot of that record

AnkurBawiskar_0-1768213451530.png

 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

tulasi8
Tera Contributor
In response to Ankur Bawiskar

4 weeks ago

we have only 4 records for "sys_user"table 

tulasi8_0-1768214033575.png

 

0 Helpfuls

Prathmeshda
Mega Guru

4 weeks ago

Hello @Mayuri Eklare 

Check if Auditing is Enabled for the Table

  • Go to System Definition → Tables.

  • Open the User [sys_user] table.

  • Look for the “Audit” checkbox.

    If it’s unchecked, enable it and save.
    Verify Access Control (ACL)

  • Go to System Security → Access Control (ACL).

  • Search for Table = sys_audit.
    Open a user record.

    Scroll to Audit History → it will show:

    • Field updated

    • Old value → new value

    • Updated by → when

      Check that the user role you are using has read access to sys_audit.

      Check the Actual Audit Records

      Once auditing is enabled and related list added:
      If you need who made a role/access change specifically, check sys_audit for roles or sys_user_role table.

      If this response proves useful, please mark it as Accept as Solution and Helpful. Doing so benefits both the community and me. 👍🙂

 

0 Helpfuls