In this blog series, we explore what domain/business entity auditing means, its importance in software applications, and how to implement it. The purpose of this blog series is to come up with auditing frameworks that can be used for auditing any software application. In this edition, we will see what entity auditing is and why it is important, with an example.
Every software product or application deals with data. Usually, data is held in the application layer as the state of an entity, and it is persisted in a collection or table in a database. Application users create, modify and delete the data, which means the data or entity is mutated; in other words, it changes its state.
When dealing with mutable data, we usually have only the last state of an entity persisted in a database, with little visibility into the changes that have taken place thus far.
As a business user of an application, one would want to know the previous state of an entity or data. One would like to know who changed an entry and when it was changed. These needs eventually lead to a need for auditing the changes of an entity, or bring in requirements for a version-control system similar to the version-control system for our source code.
If we don’t have entity auditing in an application, then developers need to spend a lot of time debugging an application and searching through log files for an event that changed a state. This gets even trickier in the production environment when lots of different users are using the system.
This is why one would want a configurable entity auditing mechanism for a product. It should allow us to choose the entities that have to be audited and the fields of an entity to be audited. It should have a user interface (UI) to see the change audits of a particular entity with ease.
The diagram below shows an example of auditing an entity. Consider a User entity that has data such as ID, name, and role; the audit process would resemble the chart below.
One of the transactions modifies the User object, changing the role field from VIEW_USER to ADMIN. This is a state change of the User object, and the modification is logged in the AuditEntry table/collection. The entry records that the ‘role’ field changed from the previous value VIEW_USER to ADMIN, that the change was made by the superuser, and the timestamp of the modification.
This kind of entity auditing helps to identify the changes made to data, which is of immense value when large swathes of data are being handled.
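The role change described above, as an added example that is not code from the original post and does not use JaVers. It compares two states of a flat User entity and writes one audit entry per changed field; the names `AUDITED_FIELDS`, `audit_changes` and the `AuditEntry` field names are assumptions made for illustration.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Assumed configuration: which entities, and which of their fields, are audited.
AUDITED_FIELDS = {"User": {"name", "role"}}

@dataclass(frozen=True)
class User:
    id: int
    name: str
    role: str

@dataclass(frozen=True)
class AuditEntry:
    entity_type: str
    entity_id: int
    field: str
    old_value: object
    new_value: object
    modified_by: str
    modified_at: datetime

def audit_changes(before, after, modified_by, now=None):
    """Return one AuditEntry per audited field whose value differs."""
    if type(after) is not type(before) or before.id != after.id:
        raise ValueError("before/after must be two states of the same entity")
    entity_type = type(before).__name__
    now = now or datetime.now(timezone.utc)
    old, new = asdict(before), asdict(after)
    entries = []
    # Entities or fields missing from the configuration are not audited.
    for field in sorted(AUDITED_FIELDS.get(entity_type, ())):
        if old[field] != new[field]:
            entries.append(AuditEntry(entity_type, before.id, field,
                                      old[field], new[field], modified_by, now))
    return entries

# Constructed sample data matching the scenario in the text.
before = User(id=1, name="alice", role="VIEW_USER")
after = User(id=1, name="alice", role="ADMIN")
audit_log = []  # stands in for the AuditEntry table/collection
audit_log.extend(audit_changes(before, after, modified_by="superuser"))

for e in audit_log:
    print(f"{e.modified_at.isoformat()} {e.entity_type}#{e.entity_id} "
          f"{e.field}: {e.old_value} -> {e.new_value} by {e.modified_by}")
```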
Capturing the entity differences can become cumbersome when we start auditing complex entities. The wise choice would be to work with tools such as JaVers that are capable of logging, tracking, and maintaining records of complex entities as well.
JaVers is an audit log tool that helps to track changes to entities in the application and supports entity audits. However, the usage of this tool is not limited to debugging and auditing. It can also be applied to perform analysis, enforce security policies, and maintain event logs.
In the next blog in the series, we will explore how JaVers can be used to capture audits, along with other features of the tool.
Author: Sandeep Bolchetwar