[
https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16389656#comment-16389656
]
Stefan Podkowinski commented on CASSANDRA-12151:
------------------------------------------------
To further summarize, let me quote [~jolynch]'s list of collected use cases
once more and add another use case highlighted with bold letters.
{quote} # Logging for security
# Logging for business accounting compliance (e.g. SOX).
# Logging for monetary transaction compliance (e.g. PCI).
# *Logging for data protection compliance (GDPR)*.
# Logging for replay later (e.g. for correctness testing)
# Logging for debugging{quote}
Why is user auditing relevant to comply with GDPR regulations? [Art.
30|https://gdpr-info.eu/art-30-gdpr/] mandates that organizations must maintain
records of processing activities. As already mentioned, this doesn't have to
take place in Cassandra directly and can often be done more effectively at
application level. But if data is manipulated manually, or say you have some
small adhoc tools that change data but won't produce valid logs, you need to be
able to enable auditing logging for these cases, to be able to document how
data was changed.
It's also required by [art. 32|https://gdpr-info.eu/art-32-gdpr/] that any
natural person must only process personal data as instructed, ie. you need to
have an activity log to be able to prove that this is actually the case.
> Audit logging for database activity
> -----------------------------------
>
> Key: CASSANDRA-12151
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
> Project: Cassandra
> Issue Type: New Feature
> Reporter: stefan setyadi
> Assignee: Vinay Chella
> Priority: Major
> Fix For: 4.x
>
> Attachments: 12151.txt,
> DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> we would like a way to enable cassandra to log database activity being done
> on our server.
> It should show username, remote address, timestamp, action type, keyspace,
> column family, and the query statement.
> it should also be able to log connection attempt and changes to the
> user/roles.
> I was thinking of making a new keyspace and insert an entry for every
> activity that occurs.
> Then It would be possible to query for specific activity or a query targeting
> a specific keyspace and column family.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
