eSignature Purge

This program lets you remove audit log entries relating to transactions that form part of the Electronic Signatures system, based on the age of the entries.

Exploring

You can configure the Electronic Signatures system to maintain a detailed transaction log for auditing purposes (which can be archived for later retrieval).

A computer-generated time-stamp records the date and time of operator entry (including creation, modification, or deletion of records). This lets you generate a secure audit trail of completed transactions, indicating who performed a transaction and when it occurred.

Functionality:

  • The eSignature Query program provides an audit log of information relating to transactions controlled by eSignatures.

  • The eSignature Report program lets you generate a report of audit log information relating to transactions requiring eSignatures.

  • The eSignature Purge program lets you remove audit log entries held on file (based on the age of the entries) to reduce the number of entries in the log table (the table can consume excessive disk space after you have used the Electronic Signatures system for some time).

    This purge system is controlled using the Global Configuration options where you can enable or disable purging and maintain run time selections.

This program is accessed from the Program List of the SYSPRO menu:

  • Program List > Administration > Electronic Signatures

Electronic Signatures (or eSignatures) let you increase control over your system changes by providing security access, transaction logging and event triggering.

This is achieved through the authentication and tracking of system activities against key business processes and sensitive data.

This applies to the Electronic Signatures system within SYSPRO.

A particular transaction or event initiated or performed by a standard user (i.e. with no administrator permissions) in SYSPRO can fire a particular trigger.

A trigger is the mechanism through which, for example, a VBScript can start running, an email can be sent or another program can be launched.

For example:

Changes to supplier details in the Suppliers program serve as a trigger for an email notification to a system administrator regarding these changes by a user within your system. This email is sent at the time which changes have been made by a user.

The types of triggers available include:

  • Email

  • Run a VBScript

  • Run any program

  • Run any application

  • Write to message inbox

  • Run an SRS report

Topics

Electronic Signatures

eSignature Library

Starting

  • To access this program, you must enable the Allow purge option within the Global Configuration of the Electronic Signature Configuration Setup program.

  • We recommend that you take a backup of your data before running this program.

You can restrict operator access to programs by assigning them to groups and applying access control against the group (configured using the Operator Groups program).

Solving

After defining your preferences for purging log records, you can use the eSignature Purge program to remove audit log entries held on file, based on the age of the entries:

  1. Open the Electronic Signature Configuration Setup program (Program List > Administration > Electronic Signatures).

    1. Select the Global Configuration function to load the Global Configuration window.

    2. From the Purge options section, select the Allow purge option to enable purging audit logs for eSignatures.

    3. Optionally enable the Allow run time selection option so that you can indicate the relevant number of months or years against the Purge log records older than drop-down.

    4. Select the Save function.

      You are returned to the Electronic Signature Configuration Setup program.

    5. Exit the Electronic Signature Configuration Setup program and restart SYSPRO for your changes to take effect.

  2. Open the eSignature Purge program (Program List > Administration > Electronic Signatures).

    1. At the Purge field, indicate if you want to remove all audit log information or only the details log.

    2. Use the slider to indicate the Months to retain records.

    3. Select the Start purge function and accept the confirmation message that is displayed.

    The program automatically closes and an informational message is displayed indicating how many records were removed.

This helps reduce the number of entries in the AdmSignatureLog and AdmSignatureLogDet tables as the number of entries can grow substantially after you have used the Electronic Signatures system for some time.

You would typically follow this procedure to generate a more detailed log per transaction, apart from the audit log which is generated by default when you set a transaction's access control to eSignatures or Log only.

In addition, you can add variables to provide insight into transactions performed or initiated by your SYSPRO operators:

  1. Load the Electronic Signature Transaction Setup program:

    1. Open the Electronic Signature Configuration Setup program (Program List > Administration > Electronic Signatures).

    2. Select the Maintain hyperlink (in the Transactions column) against the configuration level for which you want to define conditions. This loads the Electronic Signature Transaction Setup program.

      This only applies if the Transaction Type for the configuration is defined as Define by Transaction.

  2. Select the Edit hyperlink against the relevant transaction within the Transactions listview. Alternatively, select the Add condition hyperlink to add an additional condition. This enables the Configure pane.

  3. Define the Access level as eSignature or Log only.

  4. Enable the Detail log required option under the Logging and trigger options section.

  5. Optionally select the Configure details hyperlink to load the Configure Detail Log window:

    1. Indicate the variables that you want to include in the detailed log for the transaction by using the checkbox within the Select column.

      For example:

      You may want to know the name of the supplier and banking details associated with the supplier that was added by an operator for the AP Supplier added transaction.

      You'd therefore add the %Key, %Bank, %BankAccount and %BankBranch variables.

      Adding a large number of variables to the detail log can increase the size of the audit log table. Therefore, you should consider only including the required variables.

    2. Select Ok to save your selections.

  6. Select the Save function of the Electronic Signature Transaction Setup program to save your condition's configuration.

  7. Close the Electronic Signature Transaction Setup program.

  8. Exit the Electronic Signature Configuration Setup program and restart SYSPRO for your changes to take effect.

You can now view the audit logs for eSignature transactions using the eSignature Query program (Program List > Administration > Electronic Signatures).

The eSignature Report program lets you generate a report of audit log information relating to transactions requiring eSignatures:

  1. Open the eSignature Report program (Program List > Administration > Electronic Signatures).

  2. Indicate if you want to generate a Detail or Summary report at the Report type field.

  3. (Optional) Indicate your criteria preferences for which you want to generate the report.

    • Transaction selection

    • Transaction date selection

    • Transaction time selection

    • Operator selection

    • Program selection

    • Key selection

    • Variable selection

  4. (Optional) Use the Include options to define which transaction statuses you want to include in the report.

  5. (Optional) Define any additional report options you require within the Output Options pane.

  6. Select the Process function.

  7. Exit the eSignature Report program.

Using this lets you produce a report of the audit entries displayed in the eSignature Query program according specific report criteria and report options.

To view the audit log of eSignature transactions processed, proceed as follows:

  1. Open the eSignature Query program (Program List > Administration > Electronic Signatures).

  2. Indicate the relevant Time filter.

  3. Enable the Show detail option from the toolbar.

  4. Optionally define any criteria you require within the Filter Options pane and select the Apply Custom Filter function.

  5. Select the Refresh View function.

Using

The following process outlines how to implement the Electronic Signatures system for a single company. However, this is only a basic guide and you can configure the system differently according to your requirements:

  1. Enable the Electronic Signatures system:

    1. Open the Electronic Signature Configuration Setup program (Program List > Administration > Electronic Signatures).

    2. Select the Global Configuration function to launch the Global Configuration window.

    3. Enable the Electronic signatures required option.

    4. (Optional) Disable the Secure by default option to ensure that any new eSignature transactions added to the system are automatically defined as Allowed by default.

      If you leave this option as enabled, then the access control of all new eSignature transactions added to the system are automatically set to Denied by default.

    5. At the Authentication by field, indicate which password must be used for the authentication process when you configure eSignatures that require a password to be entered before certain transactions can be processed.

    6. At the Configuration level field, indicate the level at which you want to configure eSignatures:

      • System-wide (if you want to apply access control and any advanced settings to all operators and groups across the system (i.e. in all companies)

      • Company, group, operator or role (if you want to configure eSignatures for a specific company, group, operator or role)

    7. (Optional) Enable the Specify company for operator/group/role option if you want to configure Electronic Signatures separately for different companies. Otherwise the configurations defined for each group will apply to those groups in all companies.

    8. (Optional) Indicate your preferences for purging log records against the Purge options.

    9. Select the Save function to return to the Electronic Signature Configuration Setup program.

    10. Exit the Electronic Signature Configuration Setup program and restart SYSPRO for your changes to take effect.

  2. Define your configuration level(s) at Operator, Group, Company or Role level:

    1. Open the Electronic Signature Configuration Setup program (Program List > Administration > Electronic Signatures).

    2. Select the Add a new configuration toolbar function.

      A new blank record is added to the listview.

    3. Indicate the Security level you require as Company, Operator, Group or Role.

    4. Depending on your selection against the Security level, indicate the associated code within the following columns:

      • Company

      • Operator

      • Operator Group

      • Role

    5. Indicate the access control you require for this configuration level within the Transaction type column:

      • eSignature

      • Allowed

      • Denied

      • Log only

      • Excluded

      • Define by transaction

    6. Select the Save function.

    7. (Optional) If you defined the Transaction type as Define by transaction:

      1. Select the Maintain hyperlink within the Transactions column.

        This loads the Electronic Signature Transaction Setup program from where you can define the transactions associated with the configuration, as well as the trigger and audit log details.

      2. Locate the transaction you want to configure the eSignature against and select one of the following depending on your requirements:

        • To maintain the existing condition for the transaction:

          Select the Edit hyperlink within the Edit column of the Transactions listview.

        • To add an additional condition to the transaction:

          Select the Add condition hyperlink within the Add condition column of the Transactions listview.

      3. Within Configure pane, define the condition as you require it, along with the effective period, logging and trigger requirements.

      4. Select the Save function to return to the Electronic Signature Configuration Setup program.

    8. Exit the Electronic Signature Configuration Setup program and restart SYSPRO for your changes to take effect.

  3. Once the Electronic Signatures system is in place and operators have begun processing transactions that form part of your configuration level(s), you can view the audit log:

    1. Open the eSignature Query program (Program List > Administration > Electronic Signatures).

    2. Indicate the relevant Time filter.

    3. Enable the Show detail option from the toolbar.

    4. Optionally define any criteria you require within the Filter Options pane and select the Apply Custom Filter function.

    5. Select the Refresh View function.

  4. Generate a report of audit log information relating to transactions that form part of the Electronic Signatures system:

    1. Open the eSignature Report program (Program List > Administration > Electronic Signatures).

    2. Indicate if you want to generate a Detail or Summary report at the Report type field.

    3. (Optional) Indicate your criteria preferences for which you want to generate the report.

      • Transaction selection

      • Transaction date selection

      • Transaction time selection

      • Operator selection

      • Program selection

      • Key selection

      • Variable selection

    4. (Optional) Use the Include options to define which transaction statuses you want to include in the report.

    5. (Optional) Define any additional report options you require within the Output Options pane.

    6. Select the Process function.

    7. Exit the eSignature Report program.

  5. If required, you can purge the audit log entries held on file to reduce the size of the log files:

    1. Open the Electronic Signature Configuration Setup program (Program List > Administration > Electronic Signatures).

      1. Select the Global Configuration function to load the Global Configuration window.

      2. From the Purge options section, select the Allow purge option to enable purging audit logs for eSignatures.

      3. Optionally enable the Allow run time selection option so that you can indicate the relevant number of months or years against the Purge log records older than drop-down.

      4. Select the Save function.

        You are returned to the Electronic Signature Configuration Setup program.

      5. Exit the Electronic Signature Configuration Setup program and restart SYSPRO for your changes to take effect.

    2. Open the eSignature Purge program (Program List > Administration > Electronic Signatures).

      1. At the Purge field, indicate if you want to remove all audit log information or only the details log.

      2. Use the slider to indicate the Months to retain records.

      3. Select the Start purge function and accept the confirmation message that is displayed.

      The program automatically closes and an informational message is displayed indicating how many records were removed.

Within the Electronic Signatures system, you can define access control either at configuration or transaction level. Therefore, the following table summarizes the access control levels available.

  • The access levels you define against an individual operator take precedence over the access levels defined at company level.

  • Each transaction condition can have a different access control level.

    Similarly, each operator group can be assigned a different access level.

  • If you select the eSignature or All Secured by eSignature access level, then a password must be defined against each operator who has access to the transaction.

    This is either an operator password or an alternate password, depending on your selection at the Authentication by option within the Global Configurations.

  • Where transactions are configured against a specific operator, the access level defined against the operator applies (except if this access level is set to Excluded from definition), regardless of the configuration against any groups to which the operator belongs.

    If the access method for a transaction configured against an operator is defined as Excluded from definition, then the access level defined against the operator's group(s) applies.

    If the access level against the group(s) is also set to Excluded from definition, then the access level defined against the company applies.

Access Control Impact

eSignature (Configuration level)

or

eSignature (Transaction level)

This sets the current transaction or configuration level to be subject to the Electronic Signatures system.

Transactions are subject to Electronic Signatures and therefore operators must enter a password before a transaction can be processed.

The transaction is subject to Electronic Signatures and you therefore need to indicate one of the following against the transaction:

  • The operator is required to confirm with a password to proceed.

  • A message box should be displayed requesting confirmation, with a default result to either proceed or deny the transaction.

An audit log is generated for each transaction when this access control is defined at either level.

Allowed (Configuration level)

or

Allowed (Transaction level)

When selected at either Configuration or Transaction level:

Operators can process transactions without having to enter a password (i.e. transactions are ignored by the Electronic Signatures system).

No audit log is generated for the transaction.

Denied (Configuration level)

or

Denied (Transaction level)

When selected at either Configuration or Transaction level:

Operators are prevented from processing any SYSPRO transaction that forms part of the Electronic Signatures system.

No audit log is generated for the transaction.

Log Only (Configuration level)

or

Log only (Transaction level)

When selected at either Configuration or Transaction level:

Operators can process transactions, but an audit log is generated for every transaction. In other words, this is the same access control as Allowed, except an audit log is generated.

An audit log is generated for each transaction when this access control is defined at either level.

Excluded (Configuration level)

or

Excluded from definition (Transaction level)

When selected at either Configuration or Transaction level:

Transactions are ignored by the Electronic Signatures system.

You would typically select this option at Configuration level if you wanted to configure only a few transactions for Electronic Signatures.

The access control to all transactions are set to Excluded. You can then select the Define by Transaction option to configure the transactions you want to secure individually.

If you select this option but do not configure any transactions individually, then this is equivalent to selecting the Allowed option for the selected configuration level.

Therefore, the purpose of this option at Configuration level is to cascade the access level up to the next level defined, except when using role-based eSignature definitions, as there are no higher-up levels.

For example:

If the transaction is excluded for an operator, then the access level defined against the group applies.

If this is defined as Excluded from definition, then the access level defined against the company applies.

This access control is an advanced option and should therefore only be used with sophisticated conditional logic.

No audit log is generated for the transaction.

Define by Transaction (Configuration level)

When selected at Configuration level:

This lets you configure each SYSPRO transaction that forms part of the Electronic Signatures system individually.

You can then select the Edit or Add condition option from the Transactions listview of the Electronic Signature Transaction Setup program to define additional configuration options for each transaction.

In addition, you can deselect individual transactions in the Transactions listview, thereby setting that transaction to Denied for the selected configuration level.

  • Fields on a pane are sometimes removed by default. You can reinstate them using the Field Selector option from the context-sensitive menu (displayed by right-clicking any field in the pane). Select and drag the required fields onto the pane.

    The captions for fields are also sometimes hidden. You can select the Show Captions option from the context-sensitive menu to see a list of them. Click on the relevant caption to reinstate it to the form.

    If the Show Captions option is grayed out, it means no captions are hidden for that form.

  • Press Ctrl+F1 within a listview or form to view a complete list of functions available.

Referencing

This delete the entries from the audit log table according to your selections.

You are prompted to confirm your selection.

This helps reduce the number of entries in the AdmSignatureLog and AdmSignatureLogDet tables as the number of entries can grow substantially after you have used the Electronic Signatures system for some time.

Field Description

Purge

Indicate the purge function you want to perform:

This lets you delete the log entries displayed within the listview of the eSignature Query program.

Each log entry (summary and detail) is deleted if it is older than the number of months or years specified at the Months to retain records field.

This lets you delete the log details displayed in the eSignature Query program for each log entry selected for deletion. The summary entries displayed in the eSignature Query listview are then retained.

Each detail entry is deleted if it is older than the number of months or years specified at the Months to retain records field.

Months to retain records

This slider lets you indicate the number of months according to which audit log entries must be purged.

An entry is then purged if it is older than the number of months specified here.

This defaults to your selection at the Purge log records older than option within the Global Configuration section of the Electronic Signature Configuration Setup program, but can be changed if the Allow run time selection option is enabled.