Audit - Logging database changes with JRapid


Introduction

In the majority of corporate IT projects, it is an essential requirement that a system keep an audit record of every data modification. This helps in detecting and analyzing breaches in user and application behavior, whether intentional or accidental, and in performing forensic analysis to detect fraud, outsider intrusion, and employee misbehavior. Auditing an enterprise's databases has always been an excellent practice to safeguard data integrity.

JRapid provides an easy and fast way of implementing this key feature for your web app.

Adding Audit to your Entities

All that you have to do is specify the auditlevel attribute for the entities that you want to audit. For each audited entity, records will be created in another entity, which will hold the history of changes made to the data.

This other entity must be named AuditLog and have all the necessary properties the audit process expects to record every change. Luckily for us, it can be imported using the Audit template.

NOTE: Update your JRapid project's version and make sure it is at least 1.0nb82 to avoid incorrect validation errors. These are only warning messages and will not prevent the generation process from running.


The imported entity looks like this:

    <entity label="Audit Log" menu="Audit" name="AuditLog" noadd="noadd" noremove="noremove">
        <subset name="forEntity">
            <param name="entityParam" type="string"/>
            <condition field="entity" value="entityParam"/>
        </subset>
        <subset name="forInstance">
            <param name="entityParam" type="string"/>
            <param name="rowIdParam" type="string"/>
            <condition field="entity" value="entityParam"/>
            <condition field="rowId" value="rowIdParam"/>
        </subset>
        <filter display="primary" label="Entity" name="entity" property="entity"/>
        <filter display="primary" label="Row Id" name="rowId" property="rowId"/>
        <filter display="primary" label="From Date" name="fromDate" type="datetime">
            <condition field="auditDate" ge="fromDate"/>
        </filter>
        <filter display="primary" label="To Date" name="toDate" type="datetime">
            <condition field="auditDate" le="toDate"/>
        </filter>
        <filter display="primary" label="Username" name="username" property="username"/>
        <filter display="primary" label="Property" name="property" property="property"/>
        <filter display="primary" label="Action" name="actionName" property="actionName"/>
        <filter display="primary" label="Old Value" name="oldValue" property="oldValue"/>
        <filter display="primary" label="New Value" name="newValue" property="newValue"/>
        <property display="primary" fixed="fixed" label="Entity" name="entity"/>
        <property display="primary" fixed="fixed" label="Row Id" name="rowId"/>
        <property display="secondary" fixed="fixed" label="Date" name="auditDate" type="datetime"/>
        <property display="secondary" fixed="fixed" label="Username" name="username"/>
        <property display="primary" fixed="fixed" label="Property" name="property"/>
        <property display="secondary" fixed="fixed" label="Action Name" name="actionName"/>
        <property display="secondary" fixed="fixed" label="Old Value" name="oldValue"/>
        <property display="secondary" fixed="fixed" label="New Value" name="newValue"/>
    </entity>

Another important thing to bear in mind is that if we wish to know who made the changes, we must have authentication set up for our web app. This allows users to start a session and therefore be recognizable by the system, so that the actions they perform can be logged under their name. Note that if no authentication is provided, the audit process will log changes anyway, but the records will not specify any user as responsible for the modification.

User authentication can also be set up easily by using the User management template.
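
A review pass over exported AuditLog records, added here as an example and not part of JRapid: it lists changes logged with no username (the case described above) and flags records whose oldValue does not match the previous newValue for the same entity, row and property, which points to a change that was never logged. The rows, their date format and the actionName values are constructed, and the export as a list of dictionaries is an assumption.

```python
from collections import defaultdict
from datetime import datetime

# Property names of the AuditLog entity shown above.
FIELDS = ("entity", "rowId", "auditDate", "username",
          "property", "actionName", "oldValue", "newValue")

# Constructed sample rows; dates, users and action names are made up.
ROWS = [dict(zip(FIELDS, t)) for t in [
    ("Company", "7", "2024-03-01T09:00:00", "alice", "address", "update", "1 Main St", "2 Oak Ave"),
    ("Company", "7", "2024-03-02T10:30:00", "", "address", "update", "2 Oak Ave", "3 Elm Rd"),
    ("Company", "7", "2024-03-05T16:45:00", "bob", "address", "update", "9 Pine Ct", "4 Ash Ln"),
    ("Contact", "12", "2024-03-03T11:00:00", "alice", "lastName", "update", "Smith", "Smyth"),
]]

def unattributed(rows):
    """Changes recorded without a user, i.e. made outside an authenticated session."""
    return [r for r in rows if not (r.get("username") or "").strip()]

def chain_gaps(rows):
    """Find consecutive records of one property whose values do not chain.

    Returns (key, previous auditDate, current auditDate) tuples, where key is
    (entity, rowId, property).
    """
    history = defaultdict(list)
    for r in rows:
        history[(r["entity"], r["rowId"], r["property"])].append(r)
    gaps = []
    for key, changes in history.items():
        changes.sort(key=lambda r: datetime.fromisoformat(r["auditDate"]))
        for prev, cur in zip(changes, changes[1:]):
            if cur["oldValue"] != prev["newValue"]:
                gaps.append((key, prev["auditDate"], cur["auditDate"]))
    return gaps

if __name__ == "__main__":
    for r in unattributed(ROWS):
        print("no username:", r["entity"], r["rowId"], r["auditDate"])
    for key, before, after in chain_gaps(ROWS):
        print("unlogged change to", key, "between", before, "and", after)
```
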

Suppose we have an app with a Company entity and a Contact entity, and we want to keep track of every change users make to their records. Here are the entity definitions with their auditlevel attributes in place.

    <entity auditlevel="ALL_PROPERTIES" label="Company" menu="Companies" name="Company">
        <property display="primary" label="Name" name="name"/>
        <property label="Address" name="address" type="text"/>
    </entity>

    <entity auditlevel="ALL_PROPERTIES" label="Contact" menu="Contacts" name="Contact">
        <property display="primary" label="First Name" name="firstName"/>
        <property display="primary" label="Last Name" name="lastName"/>
        <property label="Date Of Birth" name="dateOfBirth" type="date"/>
        <property display="secondary" entity="Company" label="Company" name="company"/>
    </entity>

The generated forms for these two entities will include a link that opens the AuditLog listing with its records filtered for the corresponding entity record. You can also open the default listing, which shows every change made to every entity.
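
A coverage check for a model like the one above, as an added example that is not JRapid's own code: it lists entities with no auditlevel attribute and verifies that AuditLog still carries the properties and the noadd/noremove attributes of the imported template. The `<model>` wrapper element, the Invoice entity and the function name `audit_coverage` are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Property names and attributes of the imported AuditLog entity shown on this page.
AUDITLOG_PROPERTIES = {"entity", "rowId", "auditDate", "username",
                       "property", "actionName", "oldValue", "newValue"}
AUDITLOG_FLAGS = ("noadd", "noremove")

# Constructed model: the <model> wrapper and the Invoice entity are made up,
# and AuditLog has been deliberately damaged (no noremove, no newValue).
SAMPLE_MODEL = """
<model>
  <entity name="AuditLog" noadd="noadd">
    <property name="entity"/><property name="rowId"/>
    <property name="auditDate" type="datetime"/><property name="username"/>
    <property name="property"/><property name="actionName"/>
    <property name="oldValue"/>
  </entity>
  <entity auditlevel="ALL_PROPERTIES" name="Company">
    <property name="name"/>
  </entity>
  <entity name="Invoice">
    <property name="total"/>
  </entity>
</model>
"""

def audit_coverage(model_xml):
    """Return a list of findings about audit coverage in a model document."""
    root = ET.fromstring(model_xml)
    entities = {e.get("name"): e for e in root.iter("entity")}
    findings = []
    log = entities.get("AuditLog")
    if log is None:
        findings.append("AuditLog entity is missing")
    else:
        present = {p.get("name") for p in log.findall("property")}
        missing = sorted(AUDITLOG_PROPERTIES - present)
        if missing:
            findings.append("AuditLog lacks properties: " + ", ".join(missing))
        for flag in AUDITLOG_FLAGS:
            if log.get(flag) is None:
                findings.append("AuditLog is not marked " + flag)
    for name, ent in entities.items():
        if name != "AuditLog" and ent.get("auditlevel") is None:
            findings.append(name + " has no auditlevel attribute")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_coverage(SAMPLE_MODEL)))
```
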

