Enable User Audit Data for Symphony Accounts

This applies to: Visual Data Discovery

Audit data for Symphony users, including administrators, are not visible to other Symphony accounts. You define this level of separation in the database in one of three ways:

  • Tables: Configure Symphony to collect and write user audit data to different tables, then give users database access only to their own audit data table.
  • Views: Disable user auditing by account, then give users access to their own audit data, using specific views and database access rights.
  • Row level security: Disable user auditing by account, then configure row level security, limiting access for each user to their own data.

Database tables that contain user audit data are created automatically when you first trigger an audit event. Trigger table creation with user auditing enabled and properly configured before you create a data source for the tables or apply access controls at the database level.

Tables for a Symphony Account

  1. Use separate collections for accounts by defining user-auditing.destination.collection-per-account=true in the zoomdata.properties file.
  2. Generate an audit event for all accounts to trigger audit data table creation.
  3. Create user database accounts for each user. Define user access rights for each user to query only their own account's audit data table.
  4. Create connections to the audit database using each account.

Views by Symphony Account

  1. Disable use of separate collections for accounts by defining user-auditing.destination.collection-per-account=false in the zoomdata.properties file.
  2. Generate an audit event for any account to trigger audit data table creation.
  3. Create a view for each account that filters the audit data table, using a condition such as accountID='<Account ID>'.
  4. Create user database accounts for each user. Define user access rights for each user to query only their own account's audit data view.
  5. Create connections to the audit database using each account.

Row Level Security in the Database

  1. Enable user auditing by defining user-auditing.destination.collection-per-account=false in the zoomdata.properties file.
  2. Generate an audit event for any account to trigger audit data table creation.
  3. Create user database accounts for each user, and configure row level security for the audit data table to limit users to their own data. For example, use a filter such as accountID='<Account ID>.
  4. Create connections to the audit database using each account.