wiki:S3/S3Audit

S3Audit

Purpose

S3Audit keeps a log of all data access (CRUD actions): who accessed which records how and when.

The audit trail is stored in the database (table s3_audit).

Configuration

S3Audit can be activated by two deployment settings:

# Log read access (i.e. list and read methods)
settings.security.audit_read = True
# Log write access (i.e. create, update and delete methods)
settings.security.audit_write = True

Alternatively, these settings can take a callback function that returns True or False in order to determine whether the action will be logged or not (True=log the action, False=do not log), thus allowing granular control about which actions are recorded.

The callback function has the signature:

def audit_callback(method, tablename, form, record, representation):
ParameterExplanation
methodThe access method (create, list, read, update, delete)
tablenameName of the table accessed
recordThe record ID (None for multiple records)
representationThe representation format of the request

Logging Actions

S3Audit is called during CRUD actions as:

current.audit(method, prefix, name, record=record, representation=representation)
ParameterExplanation
methodThe access method (create, list, read, update, delete)
prefixThe prefix of the table name
nameThe tablename without prefix
recordThe record ID (None for multiple records)
representationThe representation format of the request

Code

S3Audit can be found in modules/s3/s3aaa.py.

The s3_audit table is created by the S3Audit class internally on demand (=no separate model).

The default/audit controller can be used to access the audit trail.

Last modified 10 years ago Last modified on 08/20/14 12:30:55
Note: See TracWiki for help on using the wiki.