= S3Audit =
[[TOC]]

== Purpose ==

'''S3Audit''' keeps a log of all data access (CRUD actions): who accessed which records how and when. 

The audit trail is stored in the database (table ''s3_audit'').
== Configuration ==

S3Audit can be activated by two deployment settings:

{{{#!python
# Log read access (i.e. list and read methods)
settings.security.audit_read = True
# Log write access (i.e. create, update and delete methods)
settings.security.audit_write = True
}}}

Alternatively, these settings can take a callback function with the signature:

{{{#!python
def audit_callback(method, tablename, form, record, representation):

   return True
}}}

It takes the following parameters:

||=Parameter=||=Explanation=||
||'''method'''||The access method (create, list, read, update, delete)||
||'''tablename'''||Name of the table accessed||
||'''record'''||The record ID (None for multiple records)||
||'''representation'''||The representation format of the request||

The return value of the callback function (True/False) determines whether the action will be logged or not, thus allowing granular control about which actions are recorded.
== Hooks ==

  - ''tbw''

== Code ==

  - ''tbw''