Sage X3 — Extraction Guide

Data Extraction Guide
for Sage X3

Step-by-step instructions for your IT team to extract the required data files from Sage X3 via the Syracuse REST API for the V/ergent security and controls assessment. Includes Release 5 programme packs: 25 AML / Wolfsberg controls + 50 cross-system SoD rules + (SAP-only) 30 SAP-GRC-parity fraud patterns.

18Data Files
6Domains
105+Checks + R5 rules
~25 minEst. Time
All Guides
Quick start

Recommended extraction path

Use the V/ergent extractor first. It writes CSVs to a timestamped folder under C:\Vergent\Export, then you upload that folder into the audit project.

Get extractor
1. Confirm accessUse the read-only role/API scopes listed below.
2. Download with codePaid/active users receive an email code before download.
3. Run locallyPowerShell writes CSV output; V/ergent does not receive credentials.
4. Upload and auditUpload CSVs, confirm file match, then run the audit.
Manual path if automated extraction is blocked

Use the required-file list below as the manual checklist. Keep filenames unchanged, leave unavailable files empty with only headers, and record any missing source in the upload notes before running the audit.

0 Before You Begin
Automated extraction recommended. Extract-VergentSageX3.ps1 uses the Sage X3 Syracuse REST API to extract all 18 files. No additional PowerShell modules required.
Read-only — no changes to Sage X3. All operations are HTTP GET requests. V/ergent never writes to, creates, or deletes any X3 records. Disable the extraction account after the assessment.
RequirementDetailsNotes
Sage X3 UserADMIN profile or full-access equivalentRequired for AUTILIS, ADXTRACE, ADXLOG tables
Syracuse Server URLhttps://[host]:[port] (default HTTPS port: 8124)REST base: /api1/x3/erp/[solution]/
Solution/Folder Namee.g. ACME, X3DEMO, PRODAdministration → Folders → Solution name
Audit Table (ADXTRACE)Must be enabled in Parameters → TraceabilityRequired for audit_table.csv and change-tracking checks
1 Required Files (18 total)
Identity & Access
users.csvIdentity

User Accounts (AUTILIS)

All X3 users from AUTILIS table: user code, profile, status, last login, admin flag, auth type

user_profiles.csvIdentity

User Profiles / Function Sets

Profile definitions: access type (ALL/RESTRICTED/READ), description, created date

function_authorizations.csvIdentity

Function Authorizations

Per-profile function access: function code (GACCENTRY, PAYMENTH, PTEMPH), access level, module

Audit & Compliance
connection_log.csvAudit

Connection Log (ADXLOG)

Login events from ADXLOG: user code, date, IP address, status, session duration, logout type

audit_table.csvAudit

Audit Table (ADXTRACE)

Record change history from ADXTRACE: table, field, user, modification date, old/new value, action type

Financial Controls
workflows.csvFinancial

Workflow Definitions

X3 workflow config: object code, enabled flag, approval required, approver profile, dual approval

fiscal_periods.csvFinancial

Fiscal Periods

All fiscal periods: period code, start/end dates, status (OPEN/CLOSED), fiscal year

journal_entries.csvFinancial

Journal Entries (GACCENTRY)

Manual journals (last 90 days): journal ID, date, amount, created by, approved by, period status

purchase_orders.csvFinancial

Purchase Orders (PORDER)

PO records (last 90 days): PO ID, amount, supplier, created by, approved by, status

vendor_master.csvFinancial

Vendor Master (BPSUPPLIER)

All suppliers: vendor ID, name, tax ID, bank account (masked), modified by, approved by

payment_transactions.csvFinancial

Payment Transactions (PAYMENTH)

Payment records (last 90 days): payment ID, amount, vendor, created by, approved by, method

approval_history.csvFinancial

Approval / Signature History

Workflow signature events: object code, submitted by, approved by, date, status, notes

Integration Security / Data Security / System Config
webservices_endpoints.csvIntegration

Web Services Endpoints

Syracuse web service endpoints: URL, auth type (Basic/None/OAuth), status, last used

batch_servers.csvIntegration

Batch Server Configuration

X3 batch task server settings: server name, host, status, run-as user, batch type

data_access_rules.csvData Sec

Data Access Rules

GESAME data restriction rules: table, profile, access type, filter condition

report_permissions.csvData Sec

Report & Inquiry Permissions

Report access: report code, profiles with access, access level, data filter

site_settings.csvSys Config

Site / Folder Settings

System parameters (ADPPAR): session timeout, default admin changed, patch level, HTTPS, debug mode

password_settings.csvSys Config

Password & Security Settings

Password policy: min length, complexity requirements, expiry, lockout threshold, history

Detailed extraction steps require sign-in
The full extraction guide — including SQL queries, transaction codes, PowerShell scripts, and the complete file/table reference — is available to V/ergent customers. The overview above tells you what's involved; sign in to access the operational detail.
Sign in Create account
Already a customer? Sign in here.
Ready to start your Sage X3 assessment?
Upload your extracted files and receive a full Sage X3 security report within minutes.
Go to Dashboard
What V/ergent ships for Sage X3 (Release 5)

Native coverage: 16 SoD rules (SX3-SOD-001..016).

Plus the three Release 5 programme packs that run alongside this platform's audit:

Every finding carries citations across 13 frameworks (COSO 2013, COBIT 2019, NIST CSF 2.0, ISO 27001:2022, CIS v8, SOX ITGC, SOC 2 TSC, PCI DSS v4, HIPAA, DORA, NIS2, GDPR, Kenya DPA) — 11 of 13 at ≥75% mapped coverage. See the Check Packs page for per-pack framework coverage badges.