[
https://issues.apache.org/jira/browse/OFBIZ-12391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Smits updated OFBIZ-12391:
---------------------------------
Description:
When potential adopters want to use OFBiz as their primary solution for
business critical ERP (and related) processes, they (or at least their
auditors) want to be sure that they can see:
# who created the record in the underlying rdbms,
# when that record was created,
# who was the last one to modify the record
# when the modification happened.
Currently out of the 800+ entities defined in the various entity model files,
only a fraction of the entities have fields defined for
* createdDate (23)
* createdByUserLogin (30)
* lastModifiedDate (24)
* lastModifiedByUserLogin (29)
which means that for crucial entities (for a business) in OFBiz entities
records can be created and changed (for nefarious reasons) without auditors and
other investigators being able to state anything regarding the above 4 points.
was:
When potential adopters want to use OFBiz as their primary solution for
business critical ERP (and related) processes, they (or at least their
auditors) want to be sure that they can see:
# who created the record in the underlying rdbms,
# when that record was created,
# who was the last one to modify the record
# when the modification happened.
Currently out of the 800+ entities defined in the various entity model files,
only a fraction of the entities have fields defined for
* createdDate (38)
* createdByUserLogin (64)
* lastModifiedDate (32)
* lastModifiedByUserLogin (32)
which means that for crucial entities (for a business) in OFBiz entities
records can be created and changed (for nefarious reasons) without auditors and
other investigators being able to state anything regarding the above 4 points.
> Trustworthy OFBiz - audit capabilities
> --------------------------------------
>
> Key: OFBIZ-12391
> URL: https://issues.apache.org/jira/browse/OFBIZ-12391
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/entity
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: audit, entity, investigation, mvp, trust, usability
>
> When potential adopters want to use OFBiz as their primary solution for
> business critical ERP (and related) processes, they (or at least their
> auditors) want to be sure that they can see:
> # who created the record in the underlying rdbms,
> # when that record was created,
> # who was the last one to modify the record
> # when the modification happened.
> Currently out of the 800+ entities defined in the various entity model files,
> only a fraction of the entities have fields defined for
> * createdDate (23)
> * createdByUserLogin (30)
> * lastModifiedDate (24)
> * lastModifiedByUserLogin (29)
> which means that for crucial entities (for a business) in OFBiz entities
> records can be created and changed (for nefarious reasons) without auditors
> and other investigators being able to state anything regarding the above 4
> points.
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
