= S3Audit =
[[TOC]]

== Purpose ==

'''S3Audit''' keeps a log of all data access (CRUD actions): who accessed which records how and when. 

The audit trail is stored in the database (table ''s3_audit'').
== Configuration ==

S3Audit can be activated by two deployment settings:

{{{#!python
# Log read access (i.e. list and read methods)
settings.security.audit_read = True
# Log write access (i.e. create, update and delete methods)
settings.security.audit_write = True
}}}

Alternatively, these settings can take a callback function that ''returns'' True or False in order to determine whether the action will be logged or not (True=log the action, False=do not log), thus allowing granular control about which actions are recorded.

The callback function has the signature:
{{{#!python
def audit_callback(method, tablename, form, record, representation):
}}}

||=Parameter=||=Explanation=||
||'''method'''||The access method (create, list, read, update, delete)||
||'''tablename'''||Name of the table accessed||
||'''record'''||The record ID (None for multiple records)||
||'''representation'''||The representation format of the request||


== Hooks ==

  - ''tbw''

== Code ==

  - ''tbw''