S3Audit
Purpose
S3Audit keeps a log of all data access (CRUD actions): who accessed which records, how, and when.
The audit trail is stored in the database (table s3_audit).
Configuration
S3Audit can be activated by two deployment settings:
# Log read access (i.e. list and read methods)
settings.security.audit_read = True
# Log write access (i.e. create, update and delete methods)
settings.security.audit_write = True
Alternatively, these settings can take a callback function that returns True or False to determine whether the action will be logged (True=log the action, False=do not log), thus allowing granular control over which actions are recorded.
The callback function has the signature:
def audit_callback(method, tablename, form, record, representation):
Parameter | Explanation |
---|---|
method | The access method (create, list, read, update, delete) |
tablename | Name of the table accessed |
record | The record ID (None for multiple records) |
representation | The representation format of the request |
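An added example (not code from the S3Audit module): two callbacks with the signature above that log every access to tables holding personal data, bulk exports of any table, and every delete. The table names, format names and function names are assumptions chosen for illustration.

```python
# Added example: selective audit callbacks for the two settings above.
# Table names and format names below are assumptions, not taken from the page.

SENSITIVE_TABLES = {"pr_person", "hrm_human_resource"}  # assumed table names
BULK_FORMATS = {"xls", "csv", "pdf", "xml", "json"}     # assumed format names
READ_METHODS = {"list", "read"}
WRITE_METHODS = {"create", "update", "delete"}


def audit_read_callback(method, tablename, form, record, representation):
    """Decide whether a read access is logged (True=log, False=do not log)."""
    if method not in READ_METHODS:
        return False
    if tablename in SENSITIVE_TABLES:
        # Every access to personal data is recorded, single record or list
        return True
    if record is None and representation in BULK_FORMATS:
        # Multi-record export of any table: record who pulled the data set
        return True
    # Ordinary interactive browsing of non-sensitive tables is not logged
    return False


def audit_write_callback(method, tablename, form, record, representation):
    """Decide whether a write access is logged (True=log, False=do not log)."""
    if method not in WRITE_METHODS:
        return False
    if method == "delete":
        # Deletions are logged for every table
        return True
    # Creates and updates are logged only for sensitive tables
    return tablename in SENSITIVE_TABLES


# In the deployment settings (the settings object is provided by the framework):
# settings.security.audit_read = audit_read_callback
# settings.security.audit_write = audit_write_callback
```

Returning False from a callback means no row is written to s3_audit for that access, so any table left out of the policy has no audit trail at all.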
Logging Actions
S3Audit is called during CRUD actions as:
current.audit(method, prefix, name, record=record, representation=representation)
Parameter | Explanation |
---|---|
method | The access method (create, list, read, update, delete) |
prefix | The prefix of the table name |
name | The tablename without prefix |
record | The record ID (None for multiple records) |
representation | The representation format of the request |
Code
S3Audit can be found in modules/s3/s3aaa.py.
The s3_audit table is created internally by the S3Audit class on demand (i.e. there is no separate model).
The default/audit controller can be used to access the audit trail.