Hi,

Please  check the following link and the text below. It might be of help to you.

https://pdn.pega.com/security/how-to-audit-field-level-changes-to-security-rule-and-data-instances

https://pdn.pega.com/security/how-to-extend-the-security-auditing-feature-to-record-changes-to-additional-properties

https://pdn.pega.com/security/how-to-log-each-use-of-harness-and-flow-action-rules

How security auditing works

When enabled, each save operation on a rule instance or data instance (whether through a form or through an activity) triggers execution of a standard activity. The activity compares the current values of the tracked properties with their previous values, and writes a history detail instance for each value added, deleted, or updated. The history detail identifies

• The property name
• The values added (if any are added)
• Changed values (the from value and the to value) (if any change)
• The deleted values (if any are deleted)

For aggregate properties:

• The history detail does not indicate changed values as it does for single value (scalar) properties. Instead, the history detail shows two entries when a value is changed: one entry about deleting the prior value and another about adding the new value.
• For nested PageList mode properties (such as pagelist(1).pagelist(1).property), only one level of nesting is supported. Nested PageGroup mode properties are not supported.

For rule changes, the system saves this information as an instance of the History-Rule class. For changes to data instances, the information is saved in an instance of a subclass of the History-Data- class. For example, the system records changes to access groups (Data-Admin-Operator-AccessGroup) in instances of the History-Data-Admin-Operator-AccessGroup class.

How to enable

Complete these steps for each data class or rule type that is to support security auditing. Place these two rules in a RuleSet that is available to the users to be audited.

1. Identify the set of properties to be recorded. (The RuleData toolbar button may help you identify property names.) You can record changes to both Single Value and aggregate properties. For aggregate properties, only one level of nested Page mode structure is supported (for example, pagelist(1).pagelist(1).property).
2. Create a data transform rule named pyTrackSecurityChanges in the class. Examples with this name are provided as standard data transform rules for tracking changes to access groups, Operator ID instances, Access of Role to Object rules, flow rules, case type rules, and application rules. You can save copies of these standard data transform rules into your RuleSet and update the list of properties to be tracked.
3. In the data transform rule, specify Set actions to set the properties to be tracked. For each row:
   • Specify the property in the Target field. For Value List or Value Group properties, enter an arbitrary subscript to identify one value. For Page mode properties, enter a reference to a scalar property within the page structure.
   • In the Source column, optionally enter a word or phrase to label, on the History Details report, the value. For example, if the property is named pyUserName, enter the phrase "user name" to generate text "Changed user name from John Smith to Jon Smyth". Alternatively, leave the Value column blank for a row to apply custom text from a field value rule, described below as an advanced feature.

4. Save the data transform.
5. Create a Declare Trigger rule named TrackSecurityChanges with the rule type or data class as the Applies To class.
6. Complete the Trigger tab. Select Saved for the Trigger when field. Select TrackSecurityChanges for the activity name, and Immediately for the Execute field.
7. Save the Declare Trigger rule; it takes effect immediately. Test the feature by changing a rule or data instance and reviewing the history.

Viewing and reporting security audit details

From the History tab of a rule or data form, click  History Details   to see the detailed memo text created by this instance.

For a broader view of changes, run the standard list view rules:

• History-Rule.TrackSecurityChanges for changes to rules
• History-Data-Admin-Operator-ID.TrackSecurity for changes to data objects of any class. The Applies To value of this list view rule does not restrict the class of the results.

Enter from and to values for a date range to restrict the results of these reports.

You can create custom reports or export this data. The pyLabel property identifies the property modified. The pyMemo property contains the text description of the change.

Customizing memo text

Using field value rules, you can customize or localize the memo text presented on the History Details reports for a property:

1. In the Data Transform rule form, leave the Source column blank for the row that sets that property (in the Target column).
2. Create three field value rules. Set the first key part to the rule type or data class and the second key part to the property name.
3. Set the final key parts to the three values TrackSecurityChange_Add, TrackSecurityChange_Change, or TrackSecurityChange_Remove.
4. On the Localized Label tab, enter the text to appear in the memo field.  In the TrackSecurityChange_Add  field value, you can use {1} to refer to the new value of the tracked property. For the TrackSecurityChange_Change field value, {1) to refer to the old value and {2) to refer to the new value. For the TrackSecurityChange_Remove  field value, you can use {1} to refer to the old value of the tracked property.

For example, to provide custom text for changes to the property pyDefaultAppName on the access group form, the Localized Label text:

Updated the application from {1} to {2}.

At run-time, this produces a memo similar to:

Updated the application from Mortgage to ConsumerLoan.

I want to audit the changes in decison table, for that i need to create my trigger on Rule-Declare-DecisionTable class. But when try to create the trigger, the error i see is below. Any other way to track decision table property changes, please suggest?