Auditing in ServiceNow can be a tricky proposition. The sys_audit table is large, and searching it effectively can be a chore, especially if you are doing so in production. ServiceNow has provided us an example of how to not use the sys_audit table, but create our own custom auditing, instead.
Auditing Roles
Auditing of the sys_user_has_role table is not done in the sys_audit table. Changing the collection to be audit = true has no effect. ServiceNow has created a separate table to audit these very changes, sys_audit_role, so let's take a look.
This is a very interesting way to audit things, and a way we have used in our own development. If you need to audit small chunks of data, create your own table. Leave the OOB sys_audit table for auditing the OOB system and create your own table and business rule to audit your own creations.
Here is the business rule (https://<instance>.service-now.com/nav_to.do?uri=sys_script.do?sys_id=543b6f4f0a0a0b2c01214113f49f0c6f) that audits this table:
Advanced tab looks like this:
auditRoleChange();
function auditRoleChange() {
var auditRole = new GlideRecord("sys_audit_role");
if (!auditRole.isValid())
return;
auditRole.user = current.user;
auditRole.role = current.role;
auditRole.changed_by = gs.getUserID();
auditRole.granted_by_group = current.granted_by;
switch (current.operation()) {
case "update":
auditRole.operation = "Updated";
break;
case "delete":
auditRole.operation = "Removed";
break;
default: // it's an insert
auditRole.operation = "Added";
}
auditRole.count_after_change = countInstances();
auditRole.insert();
}
function countInstances() {
var count = new GlideAggregate("sys_user_has_role");
count.addQuery("user", current.user);
count.addQuery("role", current.role);
count.addAggregate("COUNT");
count.query();
var instances = 0;
if (count.next())
instances = count.getAggregate('COUNT');
return instances;
}
This gives the perfect blueprint as to how to make your own custom auditing table. We created a module in User Administration that allows us to view the role changes at any point. Just remember some things, since this table does have the potential to grow large:
Remember to exclude the table for clones:
And set up either rotation (if you only need to edit a particular period of time, i.e. the last 3 months) or extension (if you want to keep the data for longer periods of time):
What can you do with this? With such an emphasis on Custom Applications, you can control the auditing aspect of your own app. Or you can add it to modules and allow the support tiers to view the changes.
