Skip to main content

Audit Trails

Audit trails provide a complete history of all changes made to objects in Open Register. This feature ensures transparency and accountability by tracking who made what changes and when. The implementation follows the GEMMA Processing Logging standard.

Overview

The audit trail system automatically records:

  • All modifications to objects
  • Individual object reads (but not collection reads)
  • Who made the changes
  • When changes occurred
  • What specific data was changed
  • The reason for changes (when provided)
  • Processing activities

Read Action Logging

The system only logs read actions when accessing individual objects (e.g., GET /api/objects/123). Collection reads and search operations (e.g., GET /api/objects?name=test) are intentionally not logged for several important reasons:

  1. Performance Impact

    • Collection reads can return hundreds or thousands of objects
    • Logging each object view would create massive amounts of audit data
    • Database performance would degrade significantly
  2. Storage Concerns

    • The audit log would grow exponentially
    • Storage costs would increase dramatically
    • Valuable audit data would be diluted with less meaningful entries
  3. Meaningful Tracking

    • Individual object reads indicate specific interest in that object
    • Collection reads are often exploratory or part of routine operations
    • Focus on logging deliberate access to specific objects

Logged Information

FieldDescriptionExampleHow Determined
uuidUnique identifier for the audit entry550e8400-e29b-41d4-a716-446655440000Generated using UUID v4
schemaSchema ID of the modified object42From object's schema reference
registerRegister ID of the modified object123From object's register reference
objectObject ID that was modified456From modified object's ID
actionType of change that occurredcreate, read, update, deleteDetermined by system operation
changedArray of modified fields with old/new values{"name": {"old": "John", "new": "Jane"}}Diff between object states
userID of the user who made the changeadminFrom authenticated user session
userNameDisplay name of the userAdministratorFrom user profile
sessionSession ID when change occurredsess_89d7h2From current session
requestRequest ID for tracingreq_7d8h3jGenerated per request
ipAddressIP address of the request192.168.1.1From request headers
versionObject version after change1.0.0Incremented on each change
createdTimestamp of the change2024-03-15T14:30:00ZServer timestamp

Additional Required Fields

To enhance audit logging, we should add:

FieldDescriptionHow Determined
processingActivityThe processing activity from the registryFrom process registry lookup
processingThe specific task being performedFrom application context
operationThe step in the processing taskFrom system operation
legalBasisLegal basis for the processingFrom process configuration
retentionPeriodRetention period for the dataFrom schema configuration
executorThe system or person executing the actionFrom authenticated context
systemThe system where the action occurredFrom application config
dataSourceThe source of the dataFrom data origin tracking

Processing Logging Structure

The audit trail system follows this hierarchical structure:

  1. Processing Activity

    • High-level category of data processing
    • Determined by: Process registry lookup
    • Example: "Citizen Registration"
  2. Processing

    • Specific task being executed
    • Determined by: Application context
    • Example: "Address Change Request"
  3. Operation

    • Individual step in processing
    • Determined by: System operation
    • Example: "Validate Address"
  4. Action

    • Actual system operation
    • Determined by: Database operation
    • Example: "Update Address Field"

Key Benefits

  1. Compliance & Accountability

    • Meet regulatory requirements
    • Track responsibility for changes
    • Maintain data integrity records
  2. Change Management

    • Review modification history
    • Understand data evolution
    • Investigate data issues
  3. Security

    • Detect unauthorized changes
    • Monitor sensitive data access
    • Support security audits

Integration

Audit trails are automatically enabled for all objects in Open Register. No additional configuration is required to start tracking changes.

Access

Audit trails can be accessed:

  • Through the object detail view
  • Via the API
  • Through database queries (for system administrators)