[
https://issues.apache.org/jira/browse/OFBIZ-12391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452797#comment-17452797
]
Pierre Smits commented on OFBIZ-12391:
--------------------------------------
Hi Scott,
Thanks for sharing your insights and experiences. IMO, we should now take this
to dev ml, as this starts getting much bigger than just improving a small
portion of the code.
> Trustworthy OFBiz - audit capabilities
> --------------------------------------
>
> Key: OFBIZ-12391
> URL: https://issues.apache.org/jira/browse/OFBIZ-12391
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS, framework/entity
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: audit, entity, investigation, mvp, trust, usability
>
> When potential adopters want to use OFBiz as their primary solution for
> business critical ERP (and related) processes, they (or at least their
> auditors) want to be sure that they can see:
> # who created the record in the underlying rdbms,
> # when that record was created,
> # who was the last one to modify the record
> # when the modification happened.
> Currently out of the 800+ entities defined in the various entity model files,
> only a fraction of the entities have fields defined for
> * createdDate (23)
> * createdByUserLogin (30)
> * lastModifiedDate (24)
> * lastModifiedByUserLogin (29)
> which means that for crucial entities (for a business) in OFBiz entities
> records can be created and changed (for nefarious reasons) without auditors
> and other investigators being able to state anything regarding the above 4
> points.
> Currently there are over 600 entity-auto services invoking 'create', and
> approximately the same amount of services that invoke 'update', that could
> automatically set the fields listed above. However it is not done, because
> these have not been defined.
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
