We’re experiencing a critical issue where our audit trail is not capturing defect state transitions during promotion workflows. Our compliance team flagged this during SOX audit preparation.
The problem occurs specifically when defects move from Development to QA environment through our automated promotion process. The Audit Trail configuration appears correct in our workspace settings, but logs show gaps for these specific transitions.
We’ve verified:
- Workspace permissions are properly configured for audit logging
- Subscription Rules are active for defect state changes
- Manual defect updates ARE being logged correctly
Has anyone encountered similar issues with audit trail persistence during automated defect promotions? This is blocking our compliance certification.
Here’s our current promotion call structure:
POST /defect/{ObjectID}
ScheduleState: "QA"
Workspace: "/workspace/12345"
We’re updating each defect individually, not using bulk operations. The updates succeed but don’t appear in audit logs.
This is a known behavior with certain API usage patterns. When using bulk update operations or specific API endpoints, audit trail generation can be inconsistent. The key is ensuring your API calls are structured to trigger the audit subsystem properly. Can you share the specific API endpoint and request structure you’re using for the defect promotions?
Based on the code snippet and symptoms, I can identify the root cause. Your API calls are missing the audit context headers that Rally requires for proper audit trail generation during automated operations.
Solution - Addressing All Audit Requirements:
1. Audit Trail Configuration:
First, verify workspace audit settings are enabled for defect state transitions. Navigate to Workspace Setup → Audit Configuration and ensure “Track Defect State Changes” is enabled.
2. API Call Enhancement:
Modify your API calls to include proper audit context:
POST /defect/{ObjectID}
Headers:
X-RallyIntegrationName: "DefectPromotion"
X-RallyIntegrationVendor: "YourCompany"
X-RallyIntegrationVersion: "1.0"
Body:
ScheduleState: "QA"
Workspace: "/workspace/12345"
3. Subscription Rules Verification:
Your Subscription Rules must capture automated changes. Edit your defect subscription to include:
- Trigger: “Defect State Changed”
- Scope: “All Changes (Manual and Automated)”
- Attribute Filter: Include “ScheduleState” in monitored attributes
4. Workspace Permissions Check:
Ensure your service account has “Audit Log Write” permission explicitly granted. This is separate from standard write permissions and often overlooked.
5. Defect State Transition Validation:
Verify your workflow allows direct QA transitions. Some configurations require intermediate states, and skipping them can prevent audit logging. Check Workspace → Defect Workflow Settings.
Testing:
After implementing these changes, test with a single defect promotion and check the audit log within 5 minutes. Audit events can have a slight delay but should appear quickly.
Compliance Note:
For SOX compliance, you’ll also want to configure audit log retention policies. Navigate to Admin → Audit Settings and set retention to at least 7 years for financial compliance requirements.
This approach ensures complete audit trail capture for both manual and automated defect promotions while maintaining compliance standards.