Audit Definitions: A Comprehensive Guide to Audit Terms & Concepts

Audit Definitions

In the realm of IT Service Management (ITSM) and enterprise application development, particularly within platforms like BMC Helix ITSM (built on BMC Remedy AR System), understanding the mechanics of how actions are triggered, processed, and logged is crucial for effective system administration, development, and troubleshooting. At the heart of this lies the concept of Workflows. These aren’t just abstract processes; they are the automated sequences that drive your applications, ensure data integrity, and automate business logic. When we talk about “Audit Definitions,” we’re essentially diving into how we can track, monitor, and understand these workflow executions to maintain system health, ensure compliance, and pinpoint issues.

This article will demystify the core components of BMC Remedy’s workflow engine, focusing on how they relate to audit trails and operational insights. We’ll break down Active Links, Filters, and Escalations, explore their functionalities, and discuss how their execution can be audited and managed.

Understanding Workflows: The Backbone of Automation

Before we delve into audits, let’s establish a solid understanding of workflows. Think of workflows as the automated “how-to” guides for your business processes. In platforms like BMC Helix, these are implemented through a sophisticated workflow engine that allows administrators and developers to define a series of steps that execute automatically based on specific conditions or triggers.

Workflows are the set of processes a company uses to run itself. They automate company processes using active links, filters, and escalations. They trigger actions based on defined execution options. In AR System, workflow refers to operations triggered by these components.

Key Workflow Components and Their Roles

BMC Remedy’s workflow engine comprises several key components, each with a distinct purpose:

Component	Function
Active Link	Executes based on client operations or information on the current screen. It’s an object triggered by user interaction to perform operations (displaying messages, changing field label colors, pushing/inserting/fetching data between forms/tables). Active links cannot be triggered via API. They run on the client, in the current form window. They are excellent for providing immediate user feedback and interactive experiences.
Filter	Checks form transactions during server processing. Filters are workflow objects triggered at the server level and interact with the database to retrieve data. They run in response to specific operations (Submit, Modify, Delete, Get Entry, Merge, Service) if a qualification is met. Filters execute on the AR System server with administrator permissions and have a form-level execution order of 500. They are the workhorses for server-side business logic and data manipulation.
Escalation	At a predetermined time interval, escalations check requests in the database. Escalations are workflow objects triggered at the server level and interact with the database. Unlike filters, which run in response to specific operations, escalations run at specific times or after defined intervals. They find and act on all requests that meet a qualification, whereas filters act on the current request. These are ideal for time-based tasks like sending overdue notifications or performing regular maintenance.

These components operate on Forms, which are essentially schemas representing data structures, akin to tables in a database. Access to these forms, and the data within them, is governed by Access Control mechanisms like Permission Groups and Roles.

Deep Dive: Active Link Definitions

Active Links are your go-to for client-side automation, enhancing the user experience directly within their interface. They are the first line of interaction when a user performs an action.

An active link is an action or series of actions triggered by user operations. This means clicking a button, changing a field value, or navigating through a form can initiate an active link.
Crucially, active links cannot be triggered through API programs. Their domain is the user’s interaction with the client application.
They execute on the client, within the current form window. This allows for immediate feedback and dynamic UI adjustments.
To ensure uniqueness and prevent conflicts, duplicate active link names are not allowed. The system automatically appends _c to the name if a duplicate is attempted.
An active link must have at least one “add action” to perform any work.
When you rename a form, its active links are copied to the new form. However, saving a form does not automatically copy its active links.

Practical Example: Imagine a user filling out a “New Employee” form. An active link could be configured to automatically populate the “Department Email” field based on the selected “Department” field, providing instant data enrichment without requiring a server roundtrip.

Understanding Filters: Server-Side Logic and Data Integrity

Filters are the backbone of server-side business logic. They are essential for data validation, transformation, and ensuring that data operations adhere to business rules before being committed to the database.

Filters are workflow objects triggered at the server level. This means they operate independently of user actions once initiated by a triggering event.
They interact with the database to retrieve or update data, making them powerful for data manipulation and integration.
Filters run in response to a specific operation (like Submit, Modify, Delete, etc.) and, importantly, they act on the *current request* if it meets a defined qualification. This means they are focused on the immediate transaction.
Filters execute on the AR System server with administrator permissions. Their execution context is privileged, allowing them to perform robust operations.
They have a form-level execution order of 500. This order is critical for managing dependencies between different filters on the same form. Lower numbers execute first.

Practical Example: When a user submits a change request, a filter might trigger. This filter could check if the requested change date falls within an approved maintenance window. If not, it could prevent the submission and display an error message to the user. Another example is a filter that automatically assigns a ticket to a specific support group based on the “Category” and “Subcategory” selected by the user.

Escalations: Time-Based Automation and Proactive Management

Escalations are your solution for automated tasks that need to run on a schedule, ensuring that overdue items are addressed or periodic system checks are performed.

Escalations are workflow objects triggered at the server level, similar to filters.
They also interact with the database to retrieve and manipulate data.
A key distinction is that escalations are not tied to specific user operations. Instead, they run at predetermined times or after defined intervals.
When an escalation runs, it scans the database for *all requests* that meet its qualification criteria, not just the current one being processed. This makes them ideal for batch processing or identifying multiple records that need attention.
Escalations are executed by a dedicated system user, typically identified as ar_escalator.

Practical Example: An escalation could be set to run every hour. It would then query for all open incident tickets that have not been updated in the last 24 hours. For each such ticket, it could automatically post a follow-up note, change the status to “Pending Customer,” or assign it to a manager for review.

Audit Form Fields and Trigger Options

When you’re auditing workflow actions, understanding the types of operations that can trigger these audits is vital. The ‘Audit’ functionality in BMC Remedy often uses specific fields to record these events. The Audit Form Fields provide a way to categorize the actions that initiated the audit:

Description: This field typically captures the textual representation of the action that triggered the audit.
Options: These are bitmasks that represent various operations. They are often used in conjunction with fields like “Audit On” or in custom logging mechanisms. The common options are:
- 1: GET ENTRY (When a request is retrieved)
- 2: Set (Represents a modification or update)
- 4: Create (When a new request is submitted)
- 8: Delete (When a request is removed)
- 16: Merge (When data is merged, often via import tools)

These options directly correspond to the Filter Execution Options:

Execution Option	Description
`Modify`	Executes when a request is modified. Corresponds to the ‘Set’ option.
`Submit`	Executes when a request is submitted to the server. Corresponds to the ‘Create’ option.
`Delete`	Executes when a request is deleted. Corresponds to the ‘Delete’ option.
`Get Entry`	Executes when a request is retrieved. Corresponds to the ‘GET ENTRY’ option.
`Merge`	Executes when a request is merged into the database by using BMC Remedy Data Import, a DSO independent copy transfer, or the data import command line interface. Corresponds to the ‘Merge’ option.
`Service`	Executes when a Service active link action is performed. The filter accesses a request with the field values passed by the active link action and those retrieved from the database, if any, and returns output values to the calling request. No other database operation is performed. If the filter runs a Push Fields action, the output field value list is not affected. If the filter runs a Set Fields action, the output field value list uses any modified values. This is a special case that can be triggered by active links.

Workflow Actions: What Can They Do?

Active Links, Filters, and Escalations can perform a wide array of actions to automate processes and interact with the system. Understanding which actions are available to each workflow type is key to designing effective automations.

Action Type	Active Links	Filters	Escalations
Call Guide	✔	✔
Change Field	✔
Close Window	✔
Commit Changes	✔
Distributed Server Option	✔	✔
Direct SQL	✔	✔	✔
Exit Guide	✔	✔
Go to Guide Label	✔	✔
Goto	✔	✔
Log to File	✔	✔	✔
Message	✔	✔	✔
Notify	✔	✔	✔
Open Window	✔
Push Fields	✔	✔	✔
Run Process	✔	✔	✔
Service	✔	✔	✔
Set Fields	✔	✔	✔

Actions Unique to Specific Workflow Types:

Only in Active Links (AL): DDE, Change Field, Close Window, Commit Changes, OLE Automation, Open Window, Run Macro, Wait. These actions are focused on client-side interactions and UI manipulation.
In Filters and Escalations, but not Active Links: While not explicitly listed as unique, many powerful data manipulation and server-side actions are more commonly found here.
In Filters, but not Escalations: Again, specific actions might be more prevalent based on their trigger mechanisms.
In AL, FLR & ESCL: Call Guide, Distributed Server Option, Direct SQL, Exit Guide, Go to Guide Label, Goto, Log to File, Message, Notify, Push Fields, Run Process, Service, Set Fields. These are the most common and versatile actions.

Understanding Specific Actions in Detail

Let’s explore some of these actions further, as they are crucial for building robust and auditable workflows:

`Commit Changes` Action

This action is primarily used in Active Links and is critical for saving user modifications to the database.

With a dialog box: When used with Open Window and Close Window actions, it can capture data from a dialog box. It pushes values back to the parent form but doesn’t automatically initiate a database save. You might need a subsequent action to commit.
With a regular form, join form, view form, or vendor form: In these contexts, it applies changes to the form and then performs the major form action (like Submit, Search, or Modify), effectively submitting the data to the database.

`Direct SQL` Action

This action allows direct interaction with non-AR System databases, essential for integrations.

Used in: Active Links, Filters, Escalations.
Submits any legal SQL command to a non-AR System database.
Crucial Warning: Use only for integration with other databases. Do not use to modify AR System database tables, as this can lead to severe data corruption and system instability. Stick to pushing data *to* non-AR System databases.

`Goto` Action

This action allows for non-linear workflow execution, enabling looping or conditional branching.

Used in: Active Links, Filters.
Executes an active link or filter in an order other than the normal sequence.
When executed, the first item with an execution order greater than or equal to the specified number executes next.
It can be incredibly useful for executing a sequence of actions multiple times by returning to a specific active link or filter.

`Go to Guide Label` Action

This action provides structured navigation within complex workflows, particularly guides.

Used in: Active Links, Filters.
Redirects the flow of execution within a guide to a specific location marked by a “guide label.”
This promotes modular workflow design, allows for repeating sections of logic, and facilitates the creation of conditional execution paths.

`Run Macro` Action

This action leverages the power of macros defined in BMC Remedy User.

Used in: Active Links.
Runs a macro created in BMC Remedy User.
Important: This action only runs in the BMC Remedy User client, not in the web client.
Macros can perform virtually any operation or series of operations, including those with parameters, offering a way to bundle complex client-side tasks.

`Run Process` Action

This action allows the execution of external programs or scripts.

Used in: Active Links, Filters, Escalations.
Runs an independent process on a client computer or an AR System server.
Executes the command specified in the Command Line field, which can be an AR System application command, a workflow process command, or an external program executable.

`Service` Action

This action is a specialized way to invoke filters and process data.

Used in: Active Links, Filters, Escalations.
Triggers filters with an “Execute On” condition of “Service.”
For Active Links and Filters: Uses input field mapping and an optional database request ID to provide output data for further processing. Crucially, no database changes are made directly by the Service action itself.
For Escalations: Can set values in the database if output data is provided. It uses input field mapping to determine values for output field mapping. It can operate on the current form or any other form and can integrate with AR System web services or Set Fields filter actions.

`Push Fields` Action

This is a fundamental action for data synchronization and updates between records.

Used in: Active Links, Filters, Escalations.
Automates database updates by transferring values from selected fields in the current request to another request in the same or a different form.
It can be used to update existing requests or to create new ones.
It can push values from most field types but cannot push data to non-data fields like table or column fields.
Each Push Fields action can transfer data from the current form to one other form, potentially updating multiple requests in that target form.

Difference between “Commit Changes” and “Run Process PERFORM-ACTION-APPLY”: Both actions can save a request during a modify operation. However, “Commit Changes” is logged in log files, providing a clearer audit trail. The specific action performed by “Run Process PERFORM-ACTION-APPLY” is not directly logged in the same manner. “Run Process” is often preferred for generating dynamic workflows where the actions can be determined based on field values at runtime.

Cache Modes and Their Impact on Auditing

Understanding cache modes is essential for appreciating how system changes are reflected and how operations might be affected, which indirectly impacts the timing and visibility of audits.

Production cache mode (Default): This mode is designed for stability and performance in live environments. Operations performed by application users are not delayed by administrative operations. Administrative changes (like workflow modifications) create a separate copy of the cache, ensuring that end-users continue to work with the existing, stable version until the administrative changes are explicitly deployed. This minimizes disruption but means that new workflow logic might not be immediately active for all users.
Development cache mode: In this mode, administrative operations can lock out other users from the shared cache and wait for the administrative tasks to complete. This is useful during development and testing as it ensures that changes are immediately reflected. However, it can cause delays. Potentially long-running tasks (like complex escalations, Integration Engine jobs, or intensive queries) are incompatible with admin thread changes in this mode and can lead to significant delays or even timeouts if not managed carefully.

Filter Phasing: The E-Mail Engine Example

Filter phasing refers to the order and timing in which filters execute. The example provided relates to email notifications:

Email_Notification web path: This setting specifies the base URL for email notifications. If it’s blank, the Default Web Path is used. If your organization uses multiple domains or has a specific internal web server for notifications, a fully qualified path name should be configured here for correct link generation in outgoing emails.

DSO (Distributed Server Option) and Firewall Considerations

DSO is used for replicating data between different AR System servers. When configuring firewalls for DSO:

For firewalls, enable “placeholder mode” from the DSO tab. This is a specific setting that allows DSO to function correctly across network boundaries by managing how it handles object definitions and data transfers.

The `arsignal` Utility: Reloading Workflow and Configuration

The `arsignal` utility is a command-line tool used to force a BMC Remedy AR System server to load or reload information. This is often necessary after making configuration changes or deploying new workflows to ensure the server picks them up without a full restart. It can be run on any computer that can communicate with the AR System server.

Syntax:

arsignal {-a | -b | -c | -d | -e | -g | -l | -m | -p | -r | -u serverName[:port][sigArgument]

Key Options for Auditing and Workflow Management:

-c: Reloads information from the configuration file (ar.conf or ar.cfg). Essential after changes to server-level settings that might affect workflow behavior or logging.
-e: Recaches and reloads escalation definitions. If you’ve made changes to escalations, this command ensures the server uses the updated logic.
-r: Recaches definitions from the database. This is a more general reload that can pick up changes to various definitions, including workflow objects.
-u: Reloads user information. While not directly workflow, user permissions and group memberships can influence who can trigger or view workflow actions.

For a complete list of `arsignal` options and their detailed descriptions, refer to the official BMC documentation.

Ports and Queues: The Communication Layer

The “Ports and Queues” tab within the AR System Administration Console is fundamental for managing server communication and performance, which indirectly affects the timely execution and audibility of workflows:

This tab is used to set server ports and RPC numbers required for communication between AR System components and clients.
The Server Queue region is crucial for configuring server queues and threads. This allows you to leverage BMC Remedy AR System’s multithreaded design, ensuring that multiple workflow processes (like filters and escalations) can run concurrently without blocking each other. Proper queue configuration can prevent workflow bottlenecks and ensure that audits are captured promptly.

Troubleshooting Workflow and Audit Issues

When workflows don’t behave as expected or audits aren’t being generated correctly, here are some common troubleshooting steps:

Workflow Troubleshooting Checklist:

Check the Execution Order: For filters on the same form, ensure their execution order is logical and doesn’t create conflicts. Filters with lower numbers execute first.
Verify Qualifications: Double-check the qualification expressions for your active links, filters, and escalations. A tiny syntax error can prevent them from triggering.
Test with `arsignal` and Server Logs: Use `arsignal -r` or `arsignal -e` to reload definitions if you suspect the server isn’t picking up changes. Examine the AR System server log files (e.g., `armonitor.log`, `regex.log`, and specific workflow logs if enabled) for errors or clues about why a workflow isn’t firing or is failing. You can enable detailed logging for specific workflow types in the AR System Administration Console.
Client vs. Server: Differentiate between client-side issues (Active Links) and server-side issues (Filters, Escalations). If an Active Link isn’t working, check the browser console for JavaScript errors. If a Filter isn’t running, check server logs and the filter’s execution details.
Permissions: Ensure the user or the system account running the workflow has the necessary permissions to perform the actions. Filters run with administrator permissions, but Active Links are tied to the logged-in user’s permissions.
Cache Issues: In development environments, ensure you’re in Development Cache Mode if you need immediate reflection of changes. In production, be aware that changes might take a moment to propagate.
`Direct SQL` Caution: If you’re using `Direct SQL`, ensure you are only targeting external databases and not the AR System database itself. Errors here can be catastrophic.

Interview Relevance

Understanding these concepts is vital for IT professionals, especially those in roles like:

Key Interview Points for Workflow & Auditing:

Differentiate Active Links, Filters, and Escalations: Be prepared to explain when to use each and their execution contexts (client vs. server, event-driven vs. time-driven).
Explain Workflow Triggers and Actions: Know the common actions (Push Fields, Set Fields, Run Process, Direct SQL) and their use cases.
Discuss Audit Trails: How would you implement auditing for critical data changes? What role do filters play in auditing? How can you track workflow execution?
Troubleshooting Scenarios: Explain how you would diagnose a workflow that isn’t firing or is producing incorrect results. Mention the importance of server logs and `arsignal`.
Cache Modes: Be able to explain the difference between production and development cache modes and their implications for changes and user experience.
Direct SQL Best Practices: Emphasize the danger of using `Direct SQL` on the AR System database.
`arsignal` Utility: Know its purpose and common options like `-c`, `-e`, and `-r`.

Conclusion

Mastering BMC Remedy’s workflow engine is not just about writing code; it’s about understanding the intricate dance of automation that keeps your ITSM processes running smoothly. By grasping the distinctions between Active Links, Filters, and Escalations, and understanding their respective actions, triggers, and execution contexts, you gain the power to build robust, efficient, and auditable systems. Effective use of these components, coupled with diligent logging and troubleshooting, ensures that your applications not only automate tasks but also provide the transparency and control necessary for modern IT operations.

For further details and official guidance, please refer to the BMC Helix documentation: