1 (edited by lurdsammie 04/22/2007 05:03:47 pm)

Topic: Audit Trail Module

hello guys,

You have already done a great job. However there is one feature, Full Audit Trail, that seems to be missing from frontaccounting. I think it will be most helpful if you could consider it for future realease since being a web based software unscrupulus staff can mess about with things especially when not on duty and there will be no way of telling who made what changes.

Thanks

Sammie

Re: Audit Trail Module

Hi Sammie,
We understand what you mean and one way to do this is to stamp the memo_ field with the user_id when creating General Ledger transactions. It might be sufficient enough. All transactions from the sub-systems will create General Ledger transactions, at least the critical ones.
A slightly similar method is to add a new field in the GL_trans table called user_id.
What do you think? Will eather approach be ok?

Admin

3 (edited by lurdsammie 04/28/2008 10:21:27 am)

Re: Audit Trail Module

Hello there,

Sorry for the very late response.  Lost my account details and hence became inactive.

Actually what I have in mind is much more comprehensive based on my experience with Quickbooks online edition which I have been using for nearly two years now. Based on that even the minutest change like adding a comma or a period will be recorded and the change highlighted in red text to make it easier to spot.  All records for an individual user are laid out in a tree form to start with. Admin User can then select whichever raises concern.

Another area which could be improved is access control list.  Applications like sql-ledger do present a table for all the modules showing the various rights to assgn to user.  This provides a more granular security control.  I would go a step further to include ability to create a security template to be applied to staffs.

Lastly, again an idea borrowed from Nola Pro: IP security.  This allows the admin to specify specific IP addresses from which users can access the application or from which they are prohibited from accessing the application.  I do appreciate it may pose a challenge for companies not using static IP but hei! you are the IT guys, you are solution finders!

You can call me paranoid about security but dont call me ordinary big_smile lol