/
User Audit Log / Version History

User Audit Log / Version History

Status

dRaft

Prod-Ticket

https://folio-org.atlassian.net/browse/UXPROD-5171

Summary

Staff users should be able to track changes that have been made to User records, so that they can search for explanations in previous changes in the event of any irregularities or queries.

FOLIO already provides an implementation of a version history in Acquisitions (Orders, Invoices, Organizations) and Inventory. The Users SIG agreed on February 19, 2025, that such functionality is also desired for the Users App. The implementation should be based on the implementation of the inventory audit log.

Functional Requirements

Architecture

Current

Target

Implementation

Summary

The implementation will be based on the inventory audit log. The inventory audit log does not store the whole objects as version history but instead stores only the edited attributes with their previous and new value.

  1. mod-users already publishes domain events to Kafka when a user record is edited

  2. mod-audit is responsible for consuming events and storing audit logs

    1. Add consumer for domain events

    2. Add configurations for user audit logs

    3. Implement API endpoint for the retrieval of user audit logs

  3. ui-users displays the user UI

    1. Add version history to user

    2. Add audit log configurations to settings page

Assumptions

  • User Objects are rarely changed (in contrast to inventory entities), therefore there is no need for partitioning of the database table by months

Version History Database Table

CREATE TABLE IF NOT EXISTS user_audit ( event_id UUID PRIMARY KEY, event_date TIMESTAMP NOT NULL, user_id UUID NOT NULL, action VARCHAR NOT NULL, performed_by UUID, diff JSONB ); CREATE INDEX IF NOT EXISTS idx_user_audit_user_id ON user_audit USING BTREE (user_id);

Work Breakdown Structure

Mod Stories

Title / Ticket

Description

Module

Title / Ticket

Description

Module

Implement User Event Consumer

  • Consume user event consumer

  • Check if user audit log is enabled

  • Compute diff between old and new user

  • Store user audit logs in database

  • When consuming a DELETED event: delete respective audit log

mod-audit

Add user audit log retention period

  • Add retention period to settings

  • Add scheduled removal of old audit logs

mod-audit

Add GET endpoint for user audit logs

  • Add get endpoint for user audit log that includes pagination

mod-audit

Add anonymization of editing person

  • Add setting to anonymize editing person

  • Implement anonymization

    • on save of respective setting

    • on consumption of new event

mod-audit

Add exclusion of specific fields

  • Add setting to exclude specific user attributes

  • Implement exclusion

    • on save of respective setting

    • on consumption of new event

mod-audit

UI Stories

Title / Ticket

Description

Module

Title / Ticket

Description

Module

Add user version history view

  • Add ability to view audit log of user record changes with version history button and panel.

  • The feature is gated by three checks:

    • User has appropriate permission

    • Audit interface is available in system

    • Version history is enabled in audit settings

ui-users

Add user version history retention settings

  • Add user version history retention settings

  • Implements settings page for configuring user version history retention with three modes: Never, Custom (days/weeks/months), and Unlimited.

ui-users

Add setting to enable anonymization of the editing person

  • Add setting view to enable anonymization of the editing person

ui-users

Add setting to enable exclusion of specific fields

  • Add setting view to enable exclusion of specific user attributes

ui-users