[
https://issues.apache.org/jira/browse/OFBIZ-12391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452341#comment-17452341
]
Pierre Smits edited comment on OFBIZ-12391 at 12/2/21, 11:21 AM:
-----------------------------------------------------------------
Gutentag Michael,
Indeed, I am aware of this has a impact on GDPR policies and procedures of the
OFBiz using organisations (in EU countries, and others with their own variants,
e.g. US with CCPA). However, given that any OFBiz using organisation needs to
have those anyway (especially when processing consumer data), this change
doesn't have that great of a organisational impact.
It is a one-time process, required to be executed when the OFBiz instance is
initialising and building the tables (and their fields) in the underlying
(r)dbms.
Like I said, easiest to implement now. And while we just provide the basic
(technical) capability, we also provide a tangent to the integrators to
potentially add additional (consultancy) revenues vis-a-vis OFBiz and GDPR
implications.
was (Author: pfm.smits):
Gutentag Michael,
Indeed, I am aware of this has a impact on GDPR policies and procedures of the
OFBiz using organisations (in EU countries, and others with their own variants,
e.g. US with CCPA). However, given that any OFBiz using organisation needs to
have those anyway (especially when processing consumer data), this change
doesn't have that great of a technical impact.
It is a one-time process, required to be executed when the OFBiz instance is
initialising and building the tables (and their fields) in the underlying
(r)dbms.
Like I said, easiest to implement now. And while we just provide the basic
(technical) capability, we also provide a tangent to the integrators to
potentially add additional (consultancy) revenues vis-a-vis OFBiz and GDPR
implications.
> Trustworthy OFBiz - audit capabilities
> --------------------------------------
>
> Key: OFBIZ-12391
> URL: https://issues.apache.org/jira/browse/OFBIZ-12391
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS, framework/entity
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: audit, entity, investigation, mvp, trust, usability
>
> When potential adopters want to use OFBiz as their primary solution for
> business critical ERP (and related) processes, they (or at least their
> auditors) want to be sure that they can see:
> # who created the record in the underlying rdbms,
> # when that record was created,
> # who was the last one to modify the record
> # when the modification happened.
> Currently out of the 800+ entities defined in the various entity model files,
> only a fraction of the entities have fields defined for
> * createdDate (23)
> * createdByUserLogin (30)
> * lastModifiedDate (24)
> * lastModifiedByUserLogin (29)
> which means that for crucial entities (for a business) in OFBiz entities
> records can be created and changed (for nefarious reasons) without auditors
> and other investigators being able to state anything regarding the above 4
> points.
> Currently there are over 600 entity-auto services invoking 'create', and
> approximately the same amount of services that invoke 'update', that could
> automatically set the fields listed above. However it is not done, because
> these have not been defined.
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
