We are experiencing a certain issue that I am hoping someone within the community has faced and will have a better idea on how to mitigate. Being a state agency we are bound to remain federally compliant. One of the issues that we face is making sure that PHI and PII data does not get inserted into the Service Desk Manager ticketing system. Due to a variety of factors we occasionally get data within the system that would fail an audit and must be removed.
We can edit the ticket itself and remove the data. But that edit is captured within the activity log as an OLD/NEW value.
The discussed potential solution was to alter the options manager field for activity editing from WRITE PROTECTED to PUBLIC. To allow us to make edits within the activity logs. But we really only want to extend that level of editing to the system administrators while not allowing editing of the logs to the general analysts. The thought was that we could do this via a data constraint but CA was not aware of a way from which to do this.
This is a critical concern/need that we have to be able to do in order to be complaint. While we could make the edit directly to the SQL database. Alterations to our production environments require a CAB level event with a significant turn around time without even considering the long term data stability with making those kind of edits over time.
Any thoughts you have would be helpful!
Jordan, you could use <PDM_IF>...<PDM_ELSE>...</PDM_IF> to control which fields are read only and this way, only those users can edit these fields. For example, in detail_alg.htmpl file, if you allow only Administrator role users to edit
"Date of Activity" and "Time Spent", then you could change
<PDM_MACRO name=dtlDate hdr="Date of Activity" attr=time_stamp><PDM_MACRO name=dtlTextbox hdr="Time Spent" attr=time_spent evt="onBlur='validate_duration_ts(this)'" maxlength=100>
<PDM_IF $SESSION.ROLE_ID == 10002><PDM_MACRO name=dtlDate hdr="Date of Activity" attr=time_stamp><PDM_MACRO name=dtlTextbox hdr="Time Spent" attr=time_spent evt="onBlur='validate_duration_ts(this)'" maxlength=100><PDM_ELSE><PDM_MACRO name=dtlDateReadonly hdr="Date of Activity" attr=time_stamp><PDM_MACRO name=dtlReadonly hdr="Time Spent" attr=time_spent></PDM_IF>
Here I assume the id 10002 is the role id for "Administrator" role.
Same can be done for "User Description"...together, you in fact control who can/can't modify the activity logs.
Of course, after the changes you would need to run "pdm_webcache -H" and "pdm_webcache -b" to make sure end uuers clear their browser cached data.
Hope this helps. Thanks _Chi
Do you require any additional assistance on this topic?
If not, please mark one of the provided responses as correct so that this thread can be closed.