[jira] [Commented] (OFBIZ-12391) Trustworthy OFBiz - audit capabilities

Thu, 02 Dec 2021 06:11:49 -0800 


    [ 
https://issues.apache.org/jira/browse/OFBIZ-12391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452423#comment-17452423
 ] 

Michael Brohl commented on OFBIZ-12391:
---------------------------------------

To make my position more clear: I see that this is a valid requirement and that 
we have to find a good solution for both users who have a need for the audit 
fields and who have not.

I just don't see the initial solution as sufficient/valid and try to find a 
collaborative way for a more comprehensive solution which fits both needs, is 
easily configurable and avoids hard coding.

I thought about it more deeply during my midday run and need some time to write 
down my thoughts and answers to your responses. I will come back to you at the 
end of the week latest.

> Trustworthy OFBiz - audit capabilities
> --------------------------------------
>
>                 Key: OFBIZ-12391
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12391
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL COMPONENTS, framework/entity
>    Affects Versions: Trunk
>            Reporter: Pierre Smits
>            Assignee: Pierre Smits
>            Priority: Major
>              Labels: audit, entity, investigation, mvp, trust, usability
>
> When potential adopters want to use OFBiz as their primary solution for 
> business critical ERP (and related) processes, they (or at least their 
> auditors) want to be sure that they can see:
>  # who created the record in the underlying rdbms,
>  # when that record was created,
>  # who was the last one to modify the record
>  # when the modification happened.
> Currently out of the 800+ entities defined in the various entity model files, 
> only a fraction of the entities have fields defined for
>  * createdDate (23)
>  * createdByUserLogin (30)
>  * lastModifiedDate (24)
>  * lastModifiedByUserLogin (29)
> which means that for crucial entities (for a business) in OFBiz entities 
> records can be created and changed (for nefarious reasons) without auditors 
> and other investigators being able to state anything regarding the above 4 
> points.
> Currently there are over 600 entity-auto services invoking 'create', and 
> approximately the same amount of services that invoke 'update', that could 
> automatically set the fields listed above. However it is not done, because 
> these have not been defined.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to