​

🛡️ Audit & Compliance Module (au_*, core_audit)

​

1. Module Purpose

• Menyimpan audit trail untuk perubahan data penting.
• Menyimpan rule SoD antar role.
• Menjadi basis untuk laporan compliance.

​

2. Tables & Structure

Catatan: core_audit didefinisikan di modul Core, tetapi secara fungsi juga menjadi bagian dari audit & compliance.

​

3. Key Fields & Relationships

​

3.1 core_audit

• Fields: tenant_id, user_id, entity_type, entity_id, action, payload_before, payload_after, created_at.
• FK: user_id → core_user.id.

​

3.2 au_sod

• Fields: tenant_id, role_a_id, role_b_id, rule_code, description.
• FK: role_a_id, role_b_id → core_role.id.

​

4. Business Flows

​

4.1 Logging Perubahan Data Sensitif

1. Saat terjadi perubahan pada entity penting (mis. fi_ar_inv, po_order, inv_adj), aplikasi menulis record ke core_audit.
2. Auditor dapat menelusuri siapa mengubah apa dan kapan.

​

4.2 Penerapan SoD

1. Admin mendefinisikan rule di au_sod (mis. ROLE_REQUESTER tidak boleh digabung dengan ROLE_APPROVER).
2. Saat assign role ke user (core_user_role), sistem memeriksa rule au_sod.

​

5. Example Reports (SQL)

​

5.1 Jejak Audit Terbaru per Entity

SELECT
  a.entity_type,
  a.entity_id,
  a.action,
  u.email AS user_email,
  a.created_at
FROM core_audit a
JOIN core_user u ON u.id = a.user_id
WHERE a.tenant_id = :tenant_id
  AND a.entity_type = :entity_type
ORDER BY a.created_at DESC
LIMIT 100;

​

5.2 Cek User dengan Pelanggaran SoD

SELECT
  ur.user_id,
  u.email,
  r1.code AS role_a,
  r2.code AS role_b
FROM au_sod s
JOIN core_role r1 ON r1.id = s.role_a_id
JOIN core_role r2 ON r2.id = s.role_b_id
JOIN core_user_role ur1 ON ur1.role_id = r1.id
JOIN core_user_role ur2 ON ur2.role_id = r2.id AND ur2.user_id = ur1.user_id
JOIN core_user u ON u.id = ur1.user_id
WHERE u.tenant_id = :tenant_id;