I have a requirement that it must be clear who read and/or changed some particular data.
For this I want to log every read / insert and update to particular data. I think of adding some generic logging that logs to a database. At least I must log the dateTime, the user, the object involved and the changed data.
I don't have to log all access only those that involve some medical data.
Urs Beeli Messages: 566 Registered: October 2012 Location: Bern, Switzerland
Are you using Scout's SQL service that let you use SQL statement strings to access your DB?
In our project, we are using a combination of spring/hibernate for persistence which allows us to define interceptors on DB access. Those interceptors then update some fields that are common to all our tables (time, user, etc). This has the advantage that we do not need to add this to any of our business code, all we need to do is to add those fields to the database tables and let our hibernate bean implement a marker interface the interceptor checks for.
I don't know if the SQL services that come with Scout offer a similar possibility.
Our project has a similar requirement. The difference is, that updates through other clients such as SQLDeveloper have to be recorded as well. In this case it is impossible to implement a solution in Scout alone. Also, we don't have to record a SELECT.
The database supports triggers. We're using the triggers to record the update / insert / delete of data. Since the database does not know which user is issuing the updates through the Scout server, we also use a transaction specific variable to store the username and record it with every trigger execution.