Track and Trace User Activity

Peter Eichhorn on June 19, 2024

Dear All, as a global organization with dozens of process modelers across the world we (unfortunately) encounter data losses in processes. Means, we see objects disappearing in processes, because "somebody" obviously seem to have deleted objects.

Long story short - we cannot reproduce why data are gone. We are aware of the Cloud controller and scanned GBs of logs for helpful information w/o any meaningful findings. Hence the question: Are you aware of any possibility to track & trace user activities on process level. We are dreaming of an xls/txt with User ID, process name (GUID), Objects changed/created/deleted.

Is somebody able to generate this? Either with Cloud controller or any other technology?

Thanks in advance

Peter

Tags: #aris10

Notify Moderator

4 Replies

Alexander Cherednichenko on June 19, 2024

There are many strategies how to govern this.

First of all, of course, is to prevent the such an event - is the access to the content through the folders.

But yeah, some 'talents' are always ready to make you suffer ) We produce a couple of reports to estimate the DB health (it depends on how many monkeys with grenades are within the project/DB). First of all - we use Export with all GUIDs of the objects (in Excel), and then, e.g., when shit happens, we import (with another script) the old Excel file that shows what object changed, what was deleted, and what is new.

Another strategy is to evaluate the 'mass' of objects on the diagrams. The principal is very similar—one script exports to Excel, another import, and both give you an understanding of what happened with your processes.

Like

Sign in
or register to reply.

Notify Moderator
Martin Schröder on June 19, 2024
Hello Peter,

as a precaution we have two roles with different access permissions:

modelers who cannot delete models/object definitions

process architects who can

Another idea: Do you use db versioning? Then you could compare older versions against the workplace or HEAD revision.

There is no simple, built-in "whodunnit" traceability in ARIS. Maybe my earlier post can help. But for logging such detailed user activities you should bear in mind GDPR, users' consent and worker's council participation.

Regards, Martin
Like

Sign in
or register to reply.

Notify Moderator
PE

Peter Eichhorn on July 3, 2024

Thanks for your comments. Much appreciated. I am afraid I will have to invest more time into access rights on group level.

Like

Sign in
or register to reply.

Notify Moderator
MZ

M. Zschuckelt on August 26, 2024 as Reply to Peter Eichhorn

Hello Peter,

yes, that definitely is a good investment to protect your (mental) sanity. When you have your grips around your repository with designer roles, reader roles, stakeholder roles and proper access permissions for them you are a great step further. Versioning for publishing content is also a standard pattern.

If the need to trace individuals' activities persists after that, there are add-on components large banks use for auditing purposes - including traces of who accesses what. That would definitely be an issue to justify against GDPR (and a lot of logs to scan!).

Like

Sign in
or register to reply.

Notify Moderator

Upcoming events

Tuesday, January 21, 2025 - 09:30

Arbeitsgruppe Modellierungskonventionen der ARIS User Group DACH
Tuesday, January 21, 2025 - 16:00

Master Operational Excellence in 2025: Insights You Won’t Want to Miss!

Arbeitsgruppe Modellierungskonventionen der ARIS User Group DACH

Master Operational Excellence in 2025: Insights You Won’t Want to Miss!