Inventory Audit log
Summary
The technical design is aimed to address the need of catalogers to track the history of changes for different entities in FOLIO. The solution uses the common approach for auditable events in FOLIO similar to the audit of events in circulation and acquisition domains.
Requirements
Functional Requirements
UXPROD-4125: Inventory app | Audit log/Change tracker v1Open
UXPROD-4126: MARC authority app | Audit log/Change tracker v1Open
NFR
UXPROD-4125/UXPROD-4126 NFR Scorecard
Assumptions
For ECS environments: Shared entities' version history should be tracked only in the central tenant.
All changes in the system related to inventory entities (instances, items, holdings, bibs) generate Domain events.
Baseline Architecture
In existing architecture, mod-inventory-storage
is responsible for persisting such entities as instances, holdings, and items. mod-entities-links
is responsible for authorities. Both modules produce domain events on create/update/delete actions from different sources.
Target Architecture
The existing architecture allows the reuse of the capabilities of the domain events approach to persist audit log events.
Audit Consumers Sequence Diagram
Audit Consumers with Outbox Sequence Diagram
The implementation can follow a Transactional outbox pattern. The approach allows enhanced guarantee for persisting the audit event but the trade-off is that this approach will negatively affect the performance of flows related to domain events.
Solution Summary
The process is split into two main parts
Persistence: The audit database should persist a snapshot of the entity. The queries are made mostly by the entity's unique identification. Thus partitioning by UUID can be applied to audit tables
Version history display: This should be done on demand comparing each consecutive snapshot of the entity to the previous
Key implementation aspects:
The Kafka default delivery semantics is “AT_LEAST_ONCE”. Ensure that domain events have their unique identifiers to be able to handle consuming messages in an idempotent manner
Add new consumers in
mod-audit
to inventory domain events.Persist audit events in an event storage. A single table in DB per entity type with partitioning by UUID.
Create REST API
4. to provide information on a list of changes related to a particular entity
5. to provide detailed information on the particular change - this API should use the Object diff library to return a verbose description of the difference between current and previous snapshots of the entity
ERD
With data size implications, creating separate tables per each entity type is required. The default table structure is listed below:
Column | Type | required | unique | Description | |
---|---|---|---|---|---|
1 | EventID | UUID | y | y | unique event identifier |
2 | EventDate | timestamp | y | n | date when the event appeared in the event log |
3 | Origin | varchar | y | n | Origin of the event: data-import, batch-update, user, etc. |
4 | Action | varchar | y | n | what action was performed |
5 | ActionDate | timestamp | y | n | when action was performed |
6 | EntityID | UUID | y | n | entity identifier |
7 | UserId | UUID | y | n | user who did the action, fixed UUID for anonymized user |
8 | Snapshot | jsonb | y | n | body of the entity |
WBS
Risks and concerns
Risk | Description | Probability | Impact | Mitigation | |
---|---|---|---|---|---|
1 | Long period for audit records retention | The number of records could overwhelm the capability of the Postgres database both from a computational point of view and cost | High | High | Introduce separate storage for audit-events |
2 | Cascade Updates will create redundant copies in the audit log | The update to holdings causes updates to all related items. Some holdings may contain ~15000 records | High | Medium | Collapse or filter out events that only change parent entity |
3 | Some flows could update inventory entities without using the Domain-events mechanism | With different capabilities of the system including UI, data import, bulk edit, etc some of the flows might skip sending Domain events and/or edit entities directly | Low | Medium | List those cases and add domain events to flows that has no this capability |
4 | Linked data | The flow and integration with inventory are not clear for the BIBFRAME format | Low | Low | Adjust BIBFRAME flow to follow the proposed solution for other inventory entities |
Product Questions
Question | Answer | Comment | |
---|---|---|---|
1 | Should failure in sending audit message block the create/update/delete operation? | Hey @Kalibek Turgumbayev - what happens today when an update is made and the create/update date and time stamp is not updated? | The question is related to transactional outbox pattern implementation |
2 | What would be the period of retention for Audit records? | @Dennis Bridges has this requirement come up for you with respect to Acq’s change tracker? | The storage options depend on this question:
|
3 | In what form should we show the changes to non-marc fields (e.g. staffSuppress, administrative Notes, etc.) in MARC instances? | @Kalibek Turgumbayev - I am unsure I understand this question. Can you review this mockup of how to display updates made to a FOLIO instance record? | Instance with source FOLIO or MARC from inventory is a separate object than SRS record and should be tracked separately |
4 | If only the order of fields in a MARC record is changed, should it be logged? | @Kalibek Turgumbayev - Good question - I need to ask users but unless it is a significant to implement, answer is Yes. @Dennis Bridges has this requirement come up for you with respect to Acq’s change tracker? |
|
5 | Do we have scenarios where the audit log is exported in batches for some period of dates? | It is possible that a library may want to do so but I do not think it is a requirement for Sunflower. @Dennis Bridges has this requirement come up for you with respect to Acq’s change tracker? | If the solution uses Postgres with partitioning by entity key, such exports would cause significant performance issues. |
Links
Acquisition event log - data retention period is 20 years
Javers - Java object diff library