Logging Records Visited By Users

Hi,

Due to a potential security breach, I have been tasked with monitoring the customer records that users are accessing in Navision. I started by creating a table to store the user id, date/time, customer no. etc. Then I added code to the OnAfterGetRecord / OnAfterGetCurrRecord triggers on the customer form to insert a record to log the event, only to find that these 2 triggers do not permit any writing to the database.

Can anybody suggest an alternative method to achieve this? It’s Navision 3.7 running against SQL 2000. I’ve looked at monitoring the SQL server but this doesn’t appear useful as the statements are all wrapped in RPC calls.

Any help appreciated,

Jonathan

Jonathan,

Do you need to log only accessing the customer record, or any changes made to it? If the second would be the case, you could use the Change Log. But I guess you already know about this option…

Hi,

Thanks for the reply. Yes well aware of the change log, but I need to know which records are being viewed by which users at what times of the day. Customer data is potentially being sold to competitors.

I thought I could use the OnTimer event and check if the current record has changed (but really don’t want to do this).

Jonathan

Hi Jonathan

You can write the accessed records to a temporary record from the OnAfterGetRecord and OnAfterGetCurrRecord trigger and then copy the content from the temporary record to a table in the database from the OnCloseForm and / or the OnTimer trigger.

Regards

Claus

I know it is always easieist to view business process issues as COde Errors and systme bugs, but sorry to have to tell you this, but any amount of coding is not going to solve your actual problem.

Most sales people need to work with custmer databases that they have locally, which means that in most organizations, most sales people have an excel spread sheet with all their customers details. Of course in many cases the spread sheet contains more then just “Their” customers. THere are generally two phylosopies behind this. 1/ is that they really do need this information on the road, and can not rely on logging into the system to get data as needed. 2/ Is the general assumption that most sales people make they they found the clients, so they are theirs.

This is not new, and is not likely to change. The business needs to work with its sales team, and make sure that they have the information required to do their ob, but also make sure that the data is secure. And that is business Process, its not a job for a programmer.

Sorry that this post in no way helps you or your problem at hand. But be aware that if your client has this issue, then a few lines of code will not resolve it. The CEO needs to sit with the Director of Sales, and come up with a plan.

Hi David,

Thanks for your response which I totally agree with. I effectively made your point to my client as soon as they mentioned it but they would like me to attempt to uncover any suspicious activity however possible. The users are customer administrators, not commission based staff. At the end of the day you can have security in your systems but there still needs to be an element of trust wherever confidential information is in use.

Jonathan

Maybe even “Employee Monitoring Software” could help. Remotely view a PC’s screen to actually watch what they are doing without them knowing.

In some cases you can notify them that the software is installed. They willl never know if or if not they are being monitored at any given time. Sometimes just the thought that they maybe caught will prevent them from doing something they shouldn’t.

http://www.spy-software-solutions.com/employee_monitoring.htm


PS - I Love the Avatar →

Good point David, I agree.

I htink htat if it gets to the point that you need a solution like this, then you should have sacked the employees a long time ago.

Contracts and Private Detectives, and cameras may give some sense of security. but in the end, you hav to trust these people, and if you don’t trust your employees, then there is something fundamentally wrong.

For sure if I found out that my employer was spyiong on me, then I would resign immediately. Of course there are exceptions, such as those working in banks, government institutions baby sitters etc. but not for normal business.

I’m sure UK law means you have to inform your employees if you intend to read any of their communication or monitor what they do!

It’s all down to ethics.

I worked at a company and found one of the IT guys was reading my GF’s emails (we were at the same company). How? Well she was on the phone to me in her car when I got a read receipt from an email I sent her, nothing secret or personal in it. Something like “What we doing this weekend?”. So I did a bit of playing around and found this guy was logged into the exchange server reading the emails. He very nearly ended up in hospital, and me in jail. Yes, I left the company.