Sage X3 — Extraction Guide

Data Extraction Guide
for Sage X3

Step-by-step instructions for your IT team to extract the required data files from Sage X3 via the Syracuse REST API for the AuditCore security and controls assessment.

18Data Files
6Domains
40+Checks
~25 minEst. Time
All Guides
0 Before You Begin
Automated extraction recommended. Extract-AuditCoreSageX3.ps1 uses the Sage X3 Syracuse REST API to extract all 18 files. No additional PowerShell modules required.
Read-only — no changes to Sage X3. All operations are HTTP GET requests. AuditCore never writes to, creates, or deletes any X3 records. Disable the extraction account after the assessment.
RequirementDetailsNotes
Sage X3 UserADMIN profile or full-access equivalentRequired for AUTILIS, ADXTRACE, ADXLOG tables
Syracuse Server URLhttps://[host]:[port] (default HTTPS port: 8124)REST base: /api1/x3/erp/[solution]/
Solution/Folder Namee.g. ACME, X3DEMO, PRODAdministration → Folders → Solution name
Audit Table (ADXTRACE)Must be enabled in Parameters → TraceabilityRequired for audit_table.csv and change-tracking checks
1 Required Files (18 total)
Identity & Access
users.csvIdentity

User Accounts (AUTILIS)

All X3 users from AUTILIS table: user code, profile, status, last login, admin flag, auth type

user_profiles.csvIdentity

User Profiles / Function Sets

Profile definitions: access type (ALL/RESTRICTED/READ), description, created date

function_authorizations.csvIdentity

Function Authorizations

Per-profile function access: function code (GACCENTRY, PAYMENTH, PTEMPH), access level, module

Audit & Compliance
connection_log.csvAudit

Connection Log (ADXLOG)

Login events from ADXLOG: user code, date, IP address, status, session duration, logout type

audit_table.csvAudit

Audit Table (ADXTRACE)

Record change history from ADXTRACE: table, field, user, modification date, old/new value, action type

Financial Controls
workflows.csvFinancial

Workflow Definitions

X3 workflow config: object code, enabled flag, approval required, approver profile, dual approval

fiscal_periods.csvFinancial

Fiscal Periods

All fiscal periods: period code, start/end dates, status (OPEN/CLOSED), fiscal year

journal_entries.csvFinancial

Journal Entries (GACCENTRY)

Manual journals (last 90 days): journal ID, date, amount, created by, approved by, period status

purchase_orders.csvFinancial

Purchase Orders (PORDER)

PO records (last 90 days): PO ID, amount, supplier, created by, approved by, status

vendor_master.csvFinancial

Vendor Master (BPSUPPLIER)

All suppliers: vendor ID, name, tax ID, bank account (masked), modified by, approved by

payment_transactions.csvFinancial

Payment Transactions (PAYMENTH)

Payment records (last 90 days): payment ID, amount, vendor, created by, approved by, method

approval_history.csvFinancial

Approval / Signature History

Workflow signature events: object code, submitted by, approved by, date, status, notes

Integration Security / Data Security / System Config
webservices_endpoints.csvIntegration

Web Services Endpoints

Syracuse web service endpoints: URL, auth type (Basic/None/OAuth), status, last used

batch_servers.csvIntegration

Batch Server Configuration

X3 batch task server settings: server name, host, status, run-as user, batch type

data_access_rules.csvData Sec

Data Access Rules

GESAME data restriction rules: table, profile, access type, filter condition

report_permissions.csvData Sec

Report & Inquiry Permissions

Report access: report code, profiles with access, access level, data filter

site_settings.csvSys Config

Site / Folder Settings

System parameters (ADPPAR): session timeout, default admin changed, patch level, HTTPS, debug mode

password_settings.csvSys Config

Password & Security Settings

Password policy: min length, complexity requirements, expiry, lockout threshold, history

2 Automated Extraction (Recommended)
Fastest path. Extract-AuditCoreSageX3.ps1 queries the Syracuse REST API and saves all 18 files. Requires PowerShell 5.1+, no additional modules needed.
  1. 1Confirm the Syracuse server is reachable: open a browser to https://[host]:[port]/api1/x3/erp/[solution]/AUTILIS?$top=1 — you should see a JSON response.
  2. 2If ADXTRACE (audit table) is not enabled, enable it now: Administration → Parameters → General Parameters → ADXTRACE → set to Active.
  3. 3Download Extract-AuditCoreSageX3.ps1 and run:
    # Run with Syracuse credentials .\Extract-AuditCoreSageX3.ps1 ` -ServerUrl "https://x3.yourcompany.com:8124" ` -Solution "ACME" ` -Username "ADMIN" ` -Password "YourPassword" # For self-signed certificates (development/test environments only) .\Extract-AuditCoreSageX3.ps1 -ServerUrl "https://x3.internal:8124" ` -Solution "ACME" -Username "ADMIN" -Password "pass" ` -SkipCertificateCheck
  4. 4All 18 CSV files saved to C:\AuditCore\SageX3\.
  5. 5Upload to AuditCore → New Audit → Sage X3 → Bulk Upload.
Find your Solution name. The solution/folder name is shown in Sage X3 under Administration → Folders → Solution. It is case-sensitive and typically uppercase (e.g. ACME, X3DEMO, PROD).
3 Manual Extraction
FileExport Path in Sage X3Notes
users.csvAdministration → Users → AUTILIS → List → ExportInclude all active and inactive users
user_profiles.csvAdministration → Profiles → List → Export
function_authorizations.csvAdministration → Profiles → Function Access → ExportExport per-profile function assignments
connection_log.csvAdministration → Log → ADXLOG → ExportFilter last 90 days
audit_table.csvUsage → Audit → ADXTRACE → Export (if enabled)Must enable ADXTRACE first
journal_entries.csvAccounting → Journals → List → Export to CSVFilter last 90 days; include GACCENTRY fields
purchase_orders.csvPurchasing → Orders → List → Export to CSVFilter last 90 days
vendor_master.csvCommon Data → Business Partners → Suppliers → List → ExportInclude bank account and modification fields
fiscal_periods.csvAccounting → Fiscal Years → Periods → Export
site_settings.csvAdministration → Parameters → manual transcription into templateUse CSV template provided by AuditCore
4 Uploading to AuditCore
  1. 1Log in to AuditCore and click New Audit.
  2. 2Name the audit (e.g. "Acme X3 — Q1 2026 Assessment") and select Sage X3.
  3. 3Switch to Bulk Upload and drag in all 18 CSV files from C:\AuditCore\SageX3\.
  4. 4Verify Match Summary shows files matched (green), then click Run Assessment.
  5. 5Results within 2 minutes — full findings, risk score, remediation guidance, and DOCX/PDF export.
5 Troubleshooting
IssueLikely CauseResolution
"404 Not Found" on API requestsIncorrect URL or solution nameConfirm base URL: https://[host]:[port]/api1/x3/erp/[solution]/. Check solution name in Administration → Folders.
"401 Unauthorized"Wrong credentials or account lockedVerify ADMIN username and password. Check Administration → Users → account not locked.
audit_table.csv emptyADXTRACE not enabledEnable in Administration → General Parameters → ADXTRACE → set to Active. Then re-run script.
connection_log.csv emptyADXLOG not enabledEnable in Administration → Activity Codes → ADXLOG
SSL certificate errorSelf-signed certificate not trustedAdd -SkipCertificateCheck to script (test environments only), or install the certificate in the Windows trusted store.
Script returns 0 rows for function_authorizationsAFONCTION endpoint naming varies by X3 versionTry endpoint /AUTILIS with profile filter or contact support@vergent.co.ke for version-specific guidance.
patch_level not found in site_settingsADPPAR table naming variesTry /ADPVAL endpoint. Script includes automatic fallback — check output log.
Ready to start your Sage X3 assessment?
Upload your extracted files and receive a full Sage X3 security report within minutes.
Go to Dashboard