{"type":"doc","content":[{"type":"heading","attrs":{"level":2},"content":[{"text":"Auditing","type":"text"}]},{"type":"paragraph","content":[{"text":"To comply with data protection regulation, we need to make sure that SORMAS provides an audit log trail which can be easily ingested by dedicated log processing systems and allows investigation by officials.","type":"text"}]},{"type":"paragraph","content":[{"text":"Use cases","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"User opens case in UI -> call to backend method CaseFacade.getCaseDataByUuid needs to be logged","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"User edits/deletes case in UI -> call to backend method CaseFacade.save/deleteCase needs to be logged","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"User does export -> call to CaseFacade.getExportList needs to be logged","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"User opens case directory -> call to CaseFacade.getIndexList needs to be logged","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"High-Level Explanation","type":"text"}]},{"type":"paragraph","content":[{"text":"The audit trail gets populated by automatically logging every invocation of a facade/EJB method. By this, we can trace every interaction with the system (i.e., via Vaadin UI or REST). We output the collected logs to a user configurable log sink such that the logs can be easily ingested for further processing.","type":"text"}]},{"type":"paragraph","content":[{"text":"The most important module that is covered is the SORMAS backend.","type":"text"}]},{"type":"paragraph","content":[{"text":"Related epic: ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://github.com/hzi-braunschweig/SORMAS-Project/issues/7904"}},{"text":" ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Encryption and security","type":"text"}]},{"type":"paragraph","content":[{"text":"SORMAS only provides an interface and log stream. Is up to the user of this data what tool they will use to consume this data. The data does not contain any personal information. Any other security concerns need to be addressed by the consumer of the stream of logs.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Storage details","type":"text"}]},{"type":"paragraph","content":[{"text":"SORMAS does not do any storage of the audit logs. The only thing that Sormas provides is a stream of audit logs.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Setup","type":"text"}]},{"type":"paragraph","content":[{"text":"Audit logging can be set up by setting the ","type":"text"},{"text":"audit.logger.config","type":"text","marks":[{"type":"code"}]},{"text":" property in the ","type":"text"},{"text":"sormas.properties","type":"text","marks":[{"type":"strong"}]},{"text":" file to a path that points to a ","type":"text"},{"text":"logback configuration","type":"text","marks":[{"type":"underline"},{"type":"em"},{"type":"link","attrs":{"href":"https://logback.qos.ch/manual/configuration.html"}}]},{"text":" file.","type":"text"}]},{"type":"paragraph","content":[{"text":"There is an example file in SORMAS source code in the ","type":"text"},{"text":"sormas-base/setup","type":"text","marks":[{"type":"underline"},{"type":"link","attrs":{"href":"https://github.com/hzi-braunschweig/SORMAS-Project/blob/development/sormas-base/setup/audit-logback.xml"}}]},{"text":" folder. This writes audit logs to a file but ","type":"text"},{"text":"Logback","type":"text","marks":[{"type":"em"}]},{"text":" can be easily configured to write to other destinations like a database or a log processing system.","type":"text"}]},{"type":"paragraph","content":[{"text":"For example adding a ","type":"text"},{"text":"Loki4jAppender","type":"text","marks":[{"type":"code"}]},{"text":" appender to the logback configuration file will send the logs to a Loki instance.","type":"text"}]},{"type":"paragraph","content":[{"text":"e.g. The following configuration will send the logs to a Loki instance running on ","type":"text"},{"text":"localhost","type":"text","marks":[{"type":"code"}]},{"text":":","type":"text"}]},{"type":"codeBlock","content":[{"text":"\n \n \n http://localhost:3100/loki/api/v1/push\n \n \n \n app=my-app,host=localhost,level=%level\n \n \n l=%level h=localhost c=%logger{20} t=%thread | %msg %ex\n \n true\n \n \n\n \n \n \n","type":"text"}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"NOTE: in order to make the Loki appender work, you need to add the latest ","type":"text"},{"text":"loki-logback-appender.jar","type":"text","marks":[{"type":"code"}]},{"text":" as a dependency in the libs folder of the SORMAS domain in your payara","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Log Format","type":"text"}]},{"type":"paragraph","content":[{"text":"For the general purpose of audit logging SORMAS logs access to the SORMAS backend with details on what exactly has been accessed, without including sensitive data (e.g. names).","type":"text"}]},{"type":"paragraph","content":[{"text":"For the logging output format, SORMAS is using the FHIR R4 AuditEvent resource, which is based on the IHE ATNA audit profile. FHIR is a well-known and established standard for exchange of medical related data.","type":"text"}]},{"type":"paragraph","content":[{"text":"A ","type":"text"},{"text":"FHIR AuditEvent","type":"text","marks":[{"type":"code"}]},{"text":" resource has a specified ","type":"text"},{"text":"JSON representation","type":"text","marks":[{"type":"underline"},{"type":"link","attrs":{"href":"https://www.hl7.org/fhir/auditevent-example.json.html"}}]},{"text":" which is compact and easy to digest by log processing systems like Loki or ELK.","type":"text"}]},{"type":"paragraph","content":[{"text":"These are the most important fields logged in the AuditEvent class:","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":1800.0,"localId":"c7e3a0ff-ed85-49ac-99f2-db722307b724"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Content","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Field in ","type":"text"},{"text":"AuditEvent","type":"text","marks":[{"type":"code"}]},{"text":" resource","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Access type","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Create/Read/Update/Delete/Execute","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"action","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"timestamp","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Timestamp of the event","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"recorded","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"actor","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Functional instance causing the event (e.g., user). Users should be identified with a human readable name besides using the UUID","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"agent","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Executing instance","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Identifier of the system(component) generating the audit event","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"source.site","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Activity/Event","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Description of the activity with unique reference(uuid) w.r.t. the accesses data","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"entitiy","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"Additionally, there is the field ","type":"text"},{"text":"type","type":"text","marks":[{"type":"strong"}]},{"text":", which will be populated according to the following table.","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":1800.0,"localId":"43528db4-9d7a-41ae-b741-6de6087161b9"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Code","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"System","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"110100","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"inlineCard","attrs":{"url":"http://dicom.nema.org/resources/ontology/DCM"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Application Activity","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Start, Stop","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"110106","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"inlineCard","attrs":{"url":"http://dicom.nema.org/resources/ontology/DCM"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Export","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Database level export","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"110112","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"inlineCard","attrs":{"url":"http://dicom.nema.org/resources/ontology/DCM"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Query","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"A request for multiple entities","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"110110","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"type":"inlineCard","attrs":{"url":"http://dicom.nema.org/resources/ontology/DCM"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Patient Record","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Use for read/write/delete operations on patient related entities (case, contact, symptoms, samples, ...)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"object","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"http://terminology.hl7.org/CodeSystem/audit-event-type","type":"text","marks":[{"type":"underline"},{"type":"link","attrs":{"href":"http://terminology.hl7.org/CodeSystem/audit-event-type"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"An Operation on other Objects","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Use for read/write/delete operations on all other entities, most importantly users, infrastructure, configuration and tasks","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Logged events","type":"text"}]},{"type":"paragraph","content":[{"text":"SORMAS logs the following events:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Application lifecycle events (start, stop)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Data reads","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Creation and change of data","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Deletion of data","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"REST api calls","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Failed login attempts","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"External message adapters can also log events using the ","type":"text"},{"text":"AuditLoggerFacade","type":"text","marks":[{"type":"code"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Logged data","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Under all circumstances the principle of data minimization is followed","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Only the UUID of entities is logged, not the full entity","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The timestamps are in ISO format.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"In general the log contains only pseudonymized personal data, the only exception being the name of the active user.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"hardBreak"},{"text":"Log examples","type":"text"}]},{"type":"expand","attrs":{"title":"Failed Login"},"content":[{"type":"codeBlock","content":[{"text":"{\n \"resourceType\": \"AuditEvent\",\n \"type\": {\n \"system\": \"https://hl7.org/fhir/R4/valueset-audit-event-type.html\",\n \"code\": \"110114\",\n \"display\": \"User Authentication\"\n },\n \"subtype\": [\n {\n \"system\": \"https://hl7.org/fhir/R4/valueset-audit-event-sub-type.html\",\n \"code\": \"110122\",\n \"display\": \"Login\"\n }\n ],\n \"action\": \"E\",\n \"recorded\": \"2024-03-07T12:38:17.803+02:00\",\n \"outcome\": \"4\",\n \"outcomeDesc\": \"Authentication failed\",\n \"agent\": [\n {\n \"name\": \"Username cannot be determined without ID token. Check Keycloak logs for details.\"\n }\n ],\n \"source\": {\n \"site\": \"sormas.lu - UI MultiAuthenticationMechanism\"\n },\n \"entity\": [\n {\n \"what\": {\n \"reference\": \"sormas-ui/Callback\"\n }\n }\n ]\n} ","type":"text"}]}]},{"type":"expand","attrs":{"title":"Load Case Directory"},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"{\n\"resourceType\": \"AuditEvent\",\n\"action\": \"R\",\n\"period\": {\n \"start\": \"2024-03-07T12:38:34+02:00\",\n \"end\": \"2024-03-07T12:38:34+02:00\"\n},\n\"recorded\": \"2024-03-07T12:38:34.912+02:00\",\n\"outcomeDesc\": \"[CaseIndexDto(uuid=SYQMFJ-N2YXQ7-PMHXUE-SAQU2FIE),CaseIndexDto(uuid=RAG4WE-2BUPEN-3OXQW5-TB7OKE4Y),CaseIndexDto(uuid=WILIOE-FFX3L7-C46FKD-PCN6CJQU),CaseIndexDto(uuid=SCYB5H-MLZJJB-PFAVRD-6IQQ2FMU),CaseIndexDto(uuid=S7DQVF-4XCHEO-YA57KV-HHAHKF5Q),CaseIndexDto(uuid=XFLEBJ-A5FAY7-DGVLX7-XZ4VKP6U),CaseIndexDto(uuid=TUWWHZ-E5LQPN-GCVYDQ-VYTVKMAY),CaseIndexDto(uuid=RH7FHT-BMD6BV-T7V7VY-LIC4CHCM),CaseIndexDto(uuid=Q2YYLE-TXYILI-X5Q7FE-BJHL2IG4),CaseIndexDto(uuid=SF2Y72-YYG335-XI3ZFX-VTMBSMT4),CaseIndexDto(uuid=VORYUS-BB3TN5-EWQ6CB-TLM7KI4E),CaseIndexDto(uuid=UI47KF-UCZMA4-DHEHXU-MLMKKE5A),CaseIndexDto(uuid=TCO4DA-2GI64Y-D7IK2G-KBKACNXM),CaseIndexDto(uuid=T62OHY-7ID2Z2-LTVWSR-VCZVKMQE),CaseIndexDto(uuid=VCGLLU-REDG56-BVEULC-WZKASOOU),CaseIndexDto(uuid=T4ZZBB-2UHGS2-2TLMTH-26FOSBPQ),CaseIndexDto(uuid=SAGWGH-JS2LQA-WOV3F5-VAQICK5Y),CaseIndexDto(uuid=VZ4SMM-OBWY72-7DVLC4-6FZL2LFY),CaseIndexDto(uuid=V3ND6S-66VQIV-S642FO-5F42KIQ4),CaseIndexDto(uuid=VQFIG5-QDTIK7-UC2UAX-KD52CAHI),CaseIndexDto(uuid=QYL2XE-KU6BKX-CO7JXV-35PN2F4E),CaseIndexDto(uuid=VT3ADI-TYG6PJ-YYOHCT-UVWUKMPQ),CaseIndexDto(uuid=RVXCET-Y35DWT-3DYA34-4MXX2HLI),CaseIndexDto(uuid=RKU56K-HGXFNO-AFXOCX-YWH5KJZQ),CaseIndexDto(uuid=XABT2R-MVHQA4-PN3BNS-DWKKCCY4),CaseIndexDto(uuid=TDPU3J-ZSKZBD-BLRHEV-7PC2KELY),CaseIndexDto(uuid=X2TFPZ-BULBSB-7NVZIP-4K3D2ICA),CaseIndexDto(uuid=WKWEG3-EGYL2J-GKUHDC-F22CSBRU),CaseIndexDto(uuid=TOAQVR-IU3CKF-LXYJKL-IT6VKKOI),CaseIndexDto(uuid=QR2PLT-JVRN5H-BIMWJO-H3MJKAN4),CaseIndexDto(uuid=QS3UDV-QFVBMM-LGDB2F-LNCLSIRI),CaseIndexDto(uuid=WLJVI5-GNOLVN-D335JX-Q3HBKE7I),CaseIndexDto(uuid=UJLPOL-LSJ7ZS-MUWCCO-3FGQCICI),CaseIndexDto(uuid=XMXHHD-NE526P-EMUVCU-NGPDCFQ4),CaseIndexDto(uuid=UNPGCP-7HRLLF-JCRCZ6-HMAG2E6E),CaseIndexDto(uuid=Q44DQL-ECYSWP-XHRB5G-FNHXKEOA),CaseIndexDto(uuid=XZN26C-NZJXPS-3BLLPD-GDSD2GIQ),CaseIndexDto(uuid=RPZS4S-MIWQY6-7HZ6A5-SG7T2NRY),CaseIndexDto(uuid=RGJQ3S-2OBPHZ-AJY7CM-C6M3CNWU),CaseIndexDto(uuid=RXZ3FB-XNNB2M-TJZX2I-4C3EKAXI),CaseIndexDto(uuid=STPE5C-JV62ST-P7NTB4-5JMZCOQE),CaseIndexDto(uuid=WTP4W2-3DP76T-N4E5EV-YZESSKXM),CaseIndexDto(uuid=QUNZWX-AAKOXA-PEHSCB-DU6HKHSI),CaseIndexDto(uuid=WJOFHO-2X5NIA-VKPJGT-FON52IMU),CaseIndexDto(uuid=QGHGY4-B3RUOC-TX27YD-JUSQ2DPI),CaseIndexDto(uuid=RT4XRJ-VM74IK-5TYURK-B5NGKO2Y),CaseIndexDto(uuid=V6XOJS-SX4ESD-XQQSCS-JJXOCBQA),CaseIndexDto(uuid=RPVLIR-R7YK3E-QAXKU3-QVRFKLZA),CaseIndexDto(uuid=XSQTVG-4IXW7A-LAHYTW-2D5CKMDY),CaseIndexDto(uuid=W7UK6H-KZSPPD-PGHWIO-JI4MCCGU),CaseIndexDto(uuid=UMVX63-P6R4I3-SI7IK5-ZNEMSLC4),CaseIndexDto(uuid=VZKFEJ-Q5V2XU-5SQPRM-ZZACSDMQ),CaseIndexDto(uuid=RGH5HS-A3TSNU-5LZXIR-OOCICME4),CaseIndexDto(uuid=SYXQBI-UOXGW7-KPNDZU-ZCJNSDYU),CaseIndexDto(uuid=TJL5UI-QFCEOX-4NA4WA-UTVRCPJQ),CaseIndexDto(uuid=RDEGZP-OEFQZK-E3ZC5C-MYG2SHWY),CaseIndexDto(uuid=Q4ICNF-Y5R56L-NPSAXN-O52WCOUU),CaseIndexDto(uuid=USASG5-3HG5QV-GUZBS6-VKLOKF3A),CaseIndexDto(uuid=SRYNG6-7BL73Q-LAC6TK-V2H62NKI),CaseIndexDto(uuid=V6WVV4-MFF6G7-CBTDMQ-VNX7KG34),CaseIndexDto(uuid=UEQ4TR-QXWOXK-IERBBB-LE5SSNEA),CaseIndexDto(uuid=U2W5EI-34BFKM-FMCGON-4COT2F3M),CaseIndexDto(uuid=UFKBX6-WLAQRE-DOJNWN-2AFWSEYA),CaseIndexDto(uuid=XAOL6R-S7BFCM-6BDOLB-SZOXKGIY),CaseIndexDto(uuid=SFPALU-Z4QORK-ZYPOEK-2QK32DUE),CaseIndexDto(uuid=RBMPYH-VBOOBC-BSEJKD-7KL7CMQQ),CaseIndexDto(uuid=V26N2S-5XKDTB-BMTJBS-HS7S2LAU)]\",\n\"agent\": [\n {\n \"type\": {\n \"coding\": [\n {\n \"system\": \"https://www.hl7.org/fhir/valueset-participation-role-type.html\",\n \"code\": \"humanuser\",\n \"display\": \"human user\"\n }\n ]\n },\n \"who\": {\n \"identifier\": {\n \"value\": \"UOSUJW-BRSDJL-ZGSXEW-3XCUCLHI\"\n }\n },\n \"name\": \"NatUser\"\n }\n],\n\"source\": {\n \"site\": \"sormas.lu\",\n \"type\": [\n {\n \"system\": \"http://terminology.hl7.org/CodeSystem/security-source-type\",\n \"code\": \"4\",\n \"display\": \"Application Server\"\n }\n ]\n},\n\"entity\": [\n {\n \"what\": {\n \"reference\": \"public java.util.List de.symeda.sormas.backend.caze.CaseFacadeEjb.getIndexList(de.symeda.sormas.api.utils.criteria.BaseCriteria,java.lang.Integer,java.lang.Integer,java.util.List)\"\n },\n \"detail\": [\n {\n \"type\": \"param\",\n \"valueString\": \"CaseCriteria(birthdateDD=null,birthdateMM=null,birthdateYYYY=null,caseClassification=null,caseLike=null,caseOrigin=null,caseUuidsForMerge=null,community=null,creationDateFrom=null,creationDateTo=null,dateFilterOption=By Date,dateTypeCalss=class de.symeda.sormas.api.caze.NewCaseDateType,disease=null,diseaseVariant=null,district=null,eventLike=null,facilityType=null,facilityTypeGroup=null,followUpStatus=null,followUpUntilFrom=null,followUpUntilTo=null,followUpVisitsFrom=null,followUpVisitsInterval=null,followUpVisitsTo=null,healthFacility=null,includeCasesFromOtherJurisdictions=false,investigationStatus=null,jurisdictionType=null,mustBePortHealthCaseWithoutFacility=null,mustHaveCaseManagementData=null,mustHaveNoGeoCoordinates=null,newCaseDateFrom=null,newCaseDateTo=null,newCaseDateType=null,onlyCasesWithDontShareWithExternalSurvTool=null,onlyCasesWithEvents=false,onlyCasesWithReinfection=null,onlyContactsFromOtherInstances=null,onlyEntitiesChangedSinceLastSharedWithExternalSurvTool=null,onlyEntitiesNotSharedWithExternalSurvTool=null,onlyEntitiesSharedWithExternalSurvTool=null,onlyQuarantineHelpNeeded=null,onlyShowCasesWithFulfilledReferenceDefinition=null,outcome=null,person=null,personLike=null,pointOfEntry=null,presentCondition=null,quarantineTo=null,quarantineType=null,region=null,reinfectionStatus=null,relevanceStatus=Active,reportDateTo=null,reportingUserLike=null,reportingUserRole=null,sourceCaseInfoLike=null,surveillanceOfficer=null,symptomJournalStatus=null,vaccinationStatus=null,withExtendedQuarantine=null,withOwnership=true,withReducedQuarantine=null,withoutResponsibleOfficer=null)\"\n },\n {\n \"type\": \"param\",\n \"valueString\": \"0\"\n },\n {\n \"type\": \"param\",\n \"valueString\": \"100\"\n },\n {\n \"type\": \"param\",\n \"valueString\": \"[]\"\n }\n ]\n }\n]\n}","type":"text"}]}]}]}]},{"type":"expand","attrs":{"title":"Load Case Data"},"content":[{"type":"codeBlock","content":[{"text":"{\n \"resourceType\": \"AuditEvent\",\n \"action\": \"R\",\n \"period\": {\n \"start\": \"2024-03-07T12:38:39+02:00\",\n \"end\": \"2024-03-07T12:38:39+02:00\"\n },\n \"recorded\": \"2024-03-07T12:38:39.341+02:00\",\n \"outcomeDesc\": \"CaseDataDto(uuid=SYQMFJ-N2YXQ7-PMHXUE-SAQU2FIE)\",\n \"agent\": [\n {\n \"type\": {\n \"coding\": [\n {\n \"system\": \"https://www.hl7.org/fhir/valueset-participation-role-type.html\",\n \"code\": \"humanuser\",\n \"display\": \"human user\"\n }\n ]\n },\n \"who\": {\n \"identifier\": {\n \"value\": \"UOSUJW-BRSDJL-ZGSXEW-3XCUCLHI\"\n }\n },\n \"name\": \"NatUser\"\n }\n ],\n \"source\": {\n \"site\": \"sormas.lu\",\n \"type\": [\n {\n \"system\": \"http://terminology.hl7.org/CodeSystem/security-source-type\",\n \"code\": \"4\",\n \"display\": \"Application Server\"\n }\n ]\n },\n \"entity\": [\n {\n \"what\": {\n \"reference\": \"public de.symeda.sormas.api.caze.CaseDataDto de.symeda.sormas.backend.caze.CaseFacadeEjb.getCaseDataByUuid(java.lang.String)\"\n },\n \"detail\": [\n {\n \"type\": \"param\",\n \"valueString\": \"SYQMFJ-N2YXQ7-PMHXUE-SAQU2FIE\"\n }\n ]\n }\n ]\n}","type":"text"}]}]},{"type":"expand","attrs":{"title":"Update a Case"},"content":[{"type":"codeBlock","content":[{"text":"{\n \"resourceType\": \"AuditEvent\",\n \"action\": \"U\",\n \"period\": {\n \"start\": \"2024-03-07T12:39:32+02:00\",\n \"end\": \"2024-03-07T12:39:33+02:00\"\n },\n \"recorded\": \"2024-03-07T12:39:33.434+02:00\",\n \"outcomeDesc\": \"CaseDataDto(uuid=SYQMFJ-N2YXQ7-PMHXUE-SAQU2FIE)\",\n \"agent\": [\n {\n \"type\": {\n \"coding\": [\n {\n \"system\": \"https://www.hl7.org/fhir/valueset-participation-role-type.html\",\n \"code\": \"humanuser\",\n \"display\": \"human user\"\n }\n ]\n },\n \"who\": {\n \"identifier\": {\n \"value\": \"UOSUJW-BRSDJL-ZGSXEW-3XCUCLHI\"\n }\n },\n \"name\": \"NatUser\"\n }\n ],\n \"source\": {\n \"site\": \"sormas.lu\",\n \"type\": [\n {\n \"system\": \"http://terminology.hl7.org/CodeSystem/security-source-type\",\n \"code\": \"4\",\n \"display\": \"Application Server\"\n }\n ]\n },\n \"entity\": [\n {\n \"what\": {\n \"reference\": \"public de.symeda.sormas.api.EntityDto de.symeda.sormas.backend.caze.CaseFacadeEjb.save(de.symeda.sormas.api.EntityDto)\"\n },\n \"detail\": [\n {\n \"type\": \"param\",\n \"valueString\": \"CaseDataDto(uuid=SYQMFJ-N2YXQ7-PMHXUE-SAQU2FIE)\"\n }\n ]\n }\n ]\n}","type":"text"}]}]},{"type":"expand","attrs":{"title":"Archive a Case"},"content":[{"type":"codeBlock","content":[{"text":"{\n \"resourceType\": \"AuditEvent\",\n \"action\": \"U\",\n \"period\": {\n \"start\": \"2024-03-07T12:39:39+02:00\",\n \"end\": \"2024-03-07T12:39:39+02:00\"\n },\n \"recorded\": \"2024-03-07T12:39:39.393+02:00\",\n \"outcomeDesc\": \"ProcessedEntity\",\n \"agent\": [\n {\n \"type\": {\n \"coding\": [\n {\n \"system\": \"https://www.hl7.org/fhir/valueset-participation-role-type.html\",\n \"code\": \"humanuser\",\n \"display\": \"human user\"\n }\n ]\n },\n \"who\": {\n \"identifier\": {\n \"value\": \"UOSUJW-BRSDJL-ZGSXEW-3XCUCLHI\"\n }\n },\n \"name\": \"NatUser\"\n }\n ],\n \"source\": {\n \"site\": \"sormas.lu\",\n \"type\": [\n {\n \"system\": \"http://terminology.hl7.org/CodeSystem/security-source-type\",\n \"code\": \"4\",\n \"display\": \"Application Server\"\n }\n ]\n },\n \"entity\": [\n {\n \"what\": {\n \"reference\": \"public de.symeda.sormas.api.common.progress.ProcessedEntity de.symeda.sormas.backend.caze.CaseFacadeEjb.archive(java.lang.String,java.util.Date,boolean)\"\n },\n \"detail\": [\n {\n \"type\": \"param\",\n \"valueString\": \"SYQMFJ-N2YXQ7-PMHXUE-SAQU2FIE\"\n },\n {\n \"type\": \"param\",\n \"valueString\": \"Thu Mar 07 00:00:00 EET 2024\"\n },\n {\n \"type\": \"param\",\n \"valueString\": \"false\"\n }\n ]\n }\n ]\n}","type":"text"}]}]},{"type":"expand","attrs":{"title":"Delete a Case"},"content":[{"type":"codeBlock","content":[{"text":"{\n \"resourceType\": \"AuditEvent\",\n \"action\": \"D\",\n \"period\": {\n \"start\": \"2024-03-07T12:39:49+02:00\",\n \"end\": \"2024-03-07T12:39:49+02:00\"\n },\n \"recorded\": \"2024-03-07T12:39:49.307+02:00\",\n \"outcomeDesc\": \"null\",\n \"agent\": [\n {\n \"type\": {\n \"coding\": [\n {\n \"system\": \"https://www.hl7.org/fhir/valueset-participation-role-type.html\",\n \"code\": \"humanuser\",\n \"display\": \"human user\"\n }\n ]\n },\n \"who\": {\n \"identifier\": {\n \"value\": \"UOSUJW-BRSDJL-ZGSXEW-3XCUCLHI\"\n }\n },\n \"name\": \"NatUser\"\n }\n ],\n \"source\": {\n \"site\": \"sormas.lu\",\n \"type\": [\n {\n \"system\": \"http://terminology.hl7.org/CodeSystem/security-source-type\",\n \"code\": \"4\",\n \"display\": \"Application Server\"\n }\n ]\n },\n \"entity\": [\n {\n \"what\": {\n \"reference\": \"public void de.symeda.sormas.backend.caze.CaseFacadeEjb.delete(java.lang.String,de.symeda.sormas.api.common.DeletionDetails) throws de.symeda.sormas.api.externalsurveillancetool.ExternalSurveillanceToolRuntimeException,de.symeda.sormas.api.sormastosormas.SormasToSormasRuntimeException\"\n },\n \"detail\": [\n {\n \"type\": \"param\",\n \"valueString\": \"SYQMFJ-N2YXQ7-PMHXUE-SAQU2FIE\"\n },\n {\n \"type\": \"param\",\n \"valueString\": \"DeletionDetails(deletionReason=Deletion request by affected person according to GDPR)\"\n }\n ]\n }\n ]\n}","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Data History","type":"text"}]},{"type":"paragraph","content":[{"text":"Use case","type":"text","marks":[{"type":"strong"}]},{"text":": A user observes incorrect data in a few cases. To understand how exactly this came to be it should be possible to extract the change history of the cases, including what exactly changed, at what point in time and by which user the change was made.","type":"text"}]},{"type":"paragraph","content":[{"text":"Goals:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Provide the information when and by whom a change was made","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Provide what was changed / what the data looked like before and after the change","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"SORMAS uses ","type":"text"},{"text":"temporal tables","type":"text","marks":[{"type":"underline"},{"type":"link","attrs":{"href":"https://github.com/nearform/temporal_tables"}}]},{"text":" to provide a history of all data changes. These automatically create a copy of the previous status in a history table each time a database entry is changed and provide it with a validity period. This also makes it possible to query the status of the data at any time in the past with simple SQL queries.","type":"text"}]}],"version":1}

Browser not supported