Example User Permissions Activity report—CRW

The User Permissions Activity report is a custom audit trail report that you can use to track changes to user permissions.

A Business user with Admin privileges can use the Custom report wizard to create and run an audit trail report that does the following:

  • Displays both user and role permissions for accessing financial data across your applications.
  • Tracks additions, deletions, and modifications to those permissions.
  • Tracks user information, such as user type, admin privileges, active status, roles assigned, user entities, user departments and user territories assigned.
An audit trail report tracks changes to permissions. To report on changed records and data in your company, you can use the Audit Trail on individual records, or make a report in the custom report writer.
Subscription Customization Services or Platform Services
Regional availability

All regions
User type Business with Admin privileges
Permissions Custom reports: List, View, Edit, Add, Delete

Create an audit trail report

The Custom report wizard guides you through creating an audit trail report.

  1. Go to Customization Services or Platform Services > All and select Add (circle) next to Custom reports.

  2. In the Select a primary data source step, choose User permissions activities as the data type for your report.
  3. Go through the steps and choose options to create the report.
  4. Either Save or Run report.
The audit trail report tracks all changes to permissions, even when you assign a permission to a user type that is disallowed. As a result, the report can show more permissions than are available to the user.

For example, an Employee user can add, edit, or delete timesheets and expenses and only view and list data and transactions in all applications. If you assign permission to Employee users to add a vendor, that change appears as a permission for Employee users on the audit trail report even though an Employee user is not allowed to add a vendor.

Export an audit trail report

When you run this report, each specific permission addition, modification, or deletion is listed on a separate line of the report per user. Depending on the size of the company, a single change to a role can affect hundreds of users. In such cases, the report can become so large that it might time out before being run. To avoid timing out, apply filters, such as a specific time range, for more limited output.
  1. Once you have created your custom audit trail report, Save the report.
  2. Go to the Custom Reports list (Reports > All > Advanced > Custom reports) and View the custom audit trail report you want to export.
  3. Select Run report.
  4. Set the Reporting period for your report and modify any necessary fields.
  5. In the dropdown menu beside Print, choose a format in which to export the audit trail report. You can choose between Word, Excel, CSV, Text, XSD, and XML.
    Before you export a report, select View to preview the report in a separate window to see if you need to make any changes first.
  6. Select Go to export your report to your chosen format.

What's in an audit trail report?

An audit trail displays permissions for each user along with the date/time when that permission was added, modified, or deleted.

Permissions for users who access an entity from a console (without logging in to that entity) are not tracked and reported on within that entity. For example, if Paula is a console user who can access two client entities without logging in, Paula's permissions are tracked and reported from the console level only. This is true even though her permissions for each client entity may be different.
Audit trail report columns
Report column heading Description

User

The username

Application

The application associated with the permission

Action performed

The type of permission, such as Set, Grant, or Revoke.

Description

A textual description of the activity, such as "granted edit permission for Vendor Types to User A"

Policy

The granular permissions for each Activity/object. For example, if you have permissions for the Vendors object, you can further hone that permission to View, Add, Edit, or Delete vendors.

Activity/object

What the permission acts upon, such as Bills, or Check Register

Time performed

The timestamp when the permission was added, modified, or deleted