tags:

views:

93

answers:

1
+2  Q: 

Storage of auditable fields per entity

I guess it's a good practice to capture auditable fields to track what happened to a particular entity (say createdBy, creationDate, modifiedBy, modifiedDate)

  1. I am assuming if an object is never modified it makes sense just to capture the following auditable fields for an SNMPv3 event (say createdBy, creationDate)

  2. I am assuming if an object is modifiable post creation by multiple people, example a User profile can be modified by self or admin then it would make sense to capture all the above attributes (say createdBy, creationDate, modifiedBy, modifiedDate)

  3. Assuming a history of audit trail per entity is not required, would it make sense to store all auditable attributes in the entity itself

  4. Would it make sense to delegate auditing to a 3rd party framework (say JBoss Envers - http://www.jboss.org/envers) for the above use cases.

  5. Assuming an entity (say a Purchase Order) is created and maintained by User X, and User Y makes some refinements to the above PO. Who should be marked as the owner of this entity (is it the creator or the modifier). creationDate in this case might not be of any relevance at all, so would it make sense to track this field here.

Note: The underlying persistence layer is based on JPA, Hibernate 3.3.x

+1  A: 

(1) and (2) seem reasonable although it probably wouldn't hurt to treat all entities the same rather than complicate it with create-only and create/modify entities.

(3) Storing them on the entity is the simplest, but I would be tempted to have a single table or table per entity just for the audit data. That would give you flexibility in case you wanted to store multiple modifications, i.e. the full history. And possibly a slight performance improvement when querying the main entity.

(4) Envers looks interesting and easy, but it seems to store a full history and you indicated that wasn't necessary so it might be overkill.

(5) I'd say the creator is always the person (or process) that caused the initial insert and modifier is the last person/process that caused an update. If you want to make business decisions about the owner, treat that as separate field rather than as part of your auditing solution.

Brian Deterling  2010-01-04 07:16:04

related questions

How do you determine how far to normalize a database?
Tips for database design in a web application
How do you deal with polymorphism in a database?
Database Patterns
Is it okay to have a lot of database views?
Extra tables or non-specific foreign keys?
Implementing a '20 Questions'-like Wizard in a Database
Database Design for Revisions?
Which database table Schema is more efficient?
How do you build a ratings implementation?
How should I model a field that can contain both numeric and string values in SQL Server 2005?
What if analysis on multi dimensional cubes (OLAP)
Data model for a extensible web form
Database Schema Diagram Design Tool
Good strategy for leaving an audit trail/change history for DB applications?
How do you recommend implementing tags or tagging
One database or many?
Suitable E-R notation for introductory DB design course? Good/free diagram tools?
What is the best strategy for retainment of large data sets?
Query a union table with fields as columns.
When is a file just a file?
Database triggers
What are the advantages of using a single database for EACH client?
Database, Table and Column Naming Conventions?
Auto Generate Database Diagram MySQL