Audit Transparent Data Encryption
- Last Updated: February 11, 2026
- OpenEdge
- Version 13.0
- Documentation
To increase the security of your encrypted data, the auditing capabilities of OpenEdge are expanded to record events related to Transparent Data Encryption. The complete set of auditing policies related to Transparent Data Encryption is added to the policies.xml file. A single, incremental audit policy is also provided in the file policies_dbenc.xml, which can be imported into an existing auditing configuration. For more information on auditing, see Learn about Security and Auditing.
The table below lists the audit events related to Transparent Data Encryption.
| Event ID | Event Name | Detects | Operation |
|---|---|---|---|
| 11000 | _sys.db.enc.enable | Enable encryption | PROUTIL ENABLEENCRYPTION |
| 11001 | _sys.db.enc.disable | Disable encryption | PROUTIL DISABLEENCRYPTION |
| 11100 | _sys.ks.create | Create a new OpenEdge key store | PROUTIL ENABLEENCRYPTION; PROUTIL EPOLICY MANAGE key store reconstruct |
| 11101 | _sys.ks.delete | Delete an existing OpenEdge key store | PROUTIL DISABLEENCRYPTION |
| 11102 | _sys.ks.open.pass | Successfully opened an OpenEdge key store | PROUTIL EPOLICY MANAGE; internal ABL and SQL commands |
| 11103 | _sys.ks.rekey | Changed OpenEdge key store's encryption key | Not in use for this release |
| 11104 | _sys.ks.setcipher | Changed OpenEdge key store encryption cipher | Not in use for this release |
| 11105 | _sys.ks.setadmin.pwd | Changed OpenEdge key store's admin passphrase | PROUTIL EPOLICY MANAGE key store adminphrase … |
| 11106 | _sys.ks.setuser.pwd | Changed OpenEdge key store's user passphrase | PROUTIL EPOLICY MANAGE key store userphrase … |
| 11107 | _sys.ks.ke.create.pass | Successfully created new encryption key entry | PROUTIL ENABLEENCRYPTION; PROUTIL EPOLICY MANAGE key store reconstruct |
| | _sys.ks.ke.update.pass | Successfully changed a key entry's owner, passphrase or state | PROUTIL DISABLEENCRYPTION |
| 11109 | _sys.ks.ke.delete.pass | Successfully deleted a key entry | Not in use for this release |
| 11110 | _sys.ks.ke.read.pass | Successfully returned a clear-text encryption key | _mprosrv; database utilities; ABL single-user database connection |
| 11111 | _sys.ks.open.fail | Failed when attempting to open an OpenEdge key store | _mprosrv; database utilities; ABL single-user database connection |
| 11112 | _sys.ks.ke.create.fail | Failed when attempting to create a new key entry | PROUTIL ENABLEENCRYPTION |
| 11113 | _sys.ks.ke.update.fail | Failed when attempting to change a key entry's owner, passphrase, or state | PROUTIL DISABLEENCRYPTION |
| 11114 | _sys.ks.ke.delete.fail | Failed when attempting to delete a key entry | Not in use for this release |
| 11200 | _sys.as.create.pass | Successfully created new autostart credentials (for key store access) | PROUTIL ENABLEENCRYPTION |
| 11201 | _sys.as.delete.pass | Successfully deleted existing autostart credentials (for key store access) | PROUTIL DISABLEENCRYPTION |
| 11202 | _sys.as.open.pass | Successfully opened autostart credentials and accessed the key store | _mprosrv; database utilities; ABL single-user database connection |
| 11203 | _sys.as.recover.pass | Successfully forced new autostart credentials and OpenEdge key store passphrase credentials after a lockout condition was entered | PROUTIL EPOLICY MANAGE key store reconstruct |
| 11204 | _sys.as.update.pass | Successfully updated autostart credentials (for key store access) | PROUTIL EPOLICY MANAGE KEYSTORE [autostart \| userphrase \| rebind]; PROUTIL EPOLICY MANAGE AUTOSTART |
| 11205 | _sys.as.open.fail | Successfully opened autostart credentials but failed to access the key store | _mprosrv; database utilities; ABL single-user database connection |
| 11206 | _sys.as.update.fail | Failure found when updating autostart credentials | PROUTIL EPOLICY MANAGE KEYSTORE [autostart \| userphrase \| rebind]; PROUTIL EPOLICY MANAGE AUTOSTART |
| 11207 | _sys.as.recover.fail | Failed to force new autostart credentials and OpenEdge key store passphrase credentials after a lockout condition was entered | PROUTIL EPOLICY MANAGE key store reconstruct |
| 11300 | _sys.enc.scan | Started a scan of an encrypted object to determine the number of blocks related to each object security policy | PROUTIL EPOLICY SCAN |
| 11301 | _sys.enc.update | Started an update of an encrypted object to re-encrypt blocks encrypted under a previous policy with the current policy | PROUTIL EPOLICY UPDATE |
| 11400 | _sys.db.dbpolicy.create | Create a new version of a database master key's security policy | PROUTIL ENABLEENCRYPTION |
| 11401 | _sys.db.dbpolicy.update | Updated an existing database master key's security policy's information | Not in use for this release |
| 11402 | _sys.db.dbpolicy.delete | Deleted an existing database master key's security policy [version] | PROUTIL DISABLEENCRYPTION |
| 11500 | _sys.db.objpolicy.create | Create a new version of a database object's security policy | PROUTIL EPOLICY MANAGE; internal ABL and SQL commands |
| 11501 | _sys.db.objpolicy.update | Update an existing database object security policy's state | PROUTIL EPOLICY MANAGE; internal ABL and SQL commands |
| 11502 | _sys.db.objpolicy.delete | Delete an existing [version] of a database object's encryption policy | Dictionary: delete table/index; SQL: DROP table/index …; proutil: TBD |
| 11600 | _sys.db.pwdpolicy.create | Create a new version of a database passphrase rules policy | PROUTIL ENABLEENCRYPTION |
| 11601 | _sys.db.pwdpolicy.update | Update an existing [version] of a database passphrase rules policy | Not in use for this release |
| 11602 | _sys.db.pwdpolicy.delete | Delete an existing [version] of a database passphrase rules policy | PROUTIL DISABLEENCRYPTION |
Data Admin provides three reports to track audited activities related to transparent data encryption. The reports are as follows:
- Track Encryption Policy Changes Report — Reports any events related to encryption policy maintenance. Events with IDs 11400-11402, 11500-11502, and 11600-11602 are tracked by this report.
- Track Key-store Changes Report — Reports any events related to the key store and autostart. Events with IDs 11100-11114 and 11200-11207 are tracked by this report.
- Database Encryption Administration (Utilities) Report — Reports events such as enabling and disabling encryption for your database, and scan and update utilities. Events with IDs 11000, 11001, 11300, and 11301 are tracked by this report.
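
The same grouping can be applied to audit records exported for review outside Data Admin. The sketch below is an added example, not Progress code: it routes events to the three reports by the ID ranges listed above and lists users with repeated key store or autostart failure events. The record layout (`event_id`, `user`, `time`), the threshold, and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Report membership by event ID range, taken from the report list above.
REPORTS = {
    "Track Encryption Policy Changes": [(11400, 11402), (11500, 11502), (11600, 11602)],
    "Track Key-store Changes": [(11100, 11114), (11200, 11207)],
    "Database Encryption Administration (Utilities)": [(11000, 11001), (11300, 11301)],
}

# Failure events from the table: key store, key entry and autostart failures.
FAILURE_IDS = {11111, 11112, 11113, 11114, 11205, 11206, 11207}

def report_for(event_id):
    """Return the report that tracks event_id, or None if it is not a TDE event."""
    for name, ranges in REPORTS.items():
        if any(lo <= event_id <= hi for lo, hi in ranges):
            return name
    return None

def triage(records, fail_threshold=3):
    """Group records by report and list users with repeated failure events."""
    by_report = {name: [] for name in REPORTS}
    failures = Counter()
    for rec in records:
        name = report_for(rec["event_id"])
        if name is None:
            continue  # not a Transparent Data Encryption audit event
        by_report[name].append(rec)
        if rec["event_id"] in FAILURE_IDS:
            failures[rec["user"]] += 1
    noisy = sorted(u for u, n in failures.items() if n >= fail_threshold)
    return by_report, noisy

# Constructed sample records (hypothetical export layout, not an OpenEdge format).
# The last record uses a made-up ID outside every TDE range.
SAMPLE = [
    {"event_id": 11111, "user": "svc_batch", "time": "2026-02-11T02:00:01"},
    {"event_id": 11111, "user": "svc_batch", "time": "2026-02-11T02:00:04"},
    {"event_id": 11205, "user": "svc_batch", "time": "2026-02-11T02:00:09"},
    {"event_id": 11102, "user": "dba1", "time": "2026-02-11T08:15:00"},
    {"event_id": 11001, "user": "dba1", "time": "2026-02-11T08:20:00"},
    {"event_id": 11501, "user": "dba1", "time": "2026-02-11T08:25:00"},
    {"event_id": 99999, "user": "dba1", "time": "2026-02-11T08:30:00"},
]

if __name__ == "__main__":
    grouped, noisy = triage(SAMPLE)
    for name, recs in grouped.items():
        print(name, [r["event_id"] for r in recs])
    print("users with repeated failures:", noisy)
```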