FWD » Core Development » Base Language

How should we implement this feature? Should we just add a flag into directory/client.xml or should we replicate the exact same features as they do in progress. As I understood so far from reading the documentation, the latter seems very complicated.

This is meant to report on whether the 4GL-compatible auditing support is activated. That means it is dependent upon the functionality in #6422.

As far as how to activate it, we can either implement a simple directory flag or we can link this back into the SecurityManager auditing support which we already have. Though I like the conceptual simplicity of using the SecurityManager auditing as a common facility, the downside is that it may complicate the 4GL-compatible implementation. I've posted the next steps in #6422. I think it is best to work that first.

When this is implemented, please put it in branch 6422a.

How should I implement this feature? Should I add a boolean in server/directory.xml? There is already another boolean for the other audit implementation: security/aduit/enabled. Should I use this one or create another one? If I need to create another one, do you have a preference regarding the path?

There is already another boolean for the other audit implementation: security/aduit/enabled.

No, the two audit facilities have no relation so we can't use the existing feature.

How should I implement this feature? Should I add a boolean in server/directory.xml?

I don't think so. In the 4GL, isn't this just reporting on whether there are any active audit events configured? In other words, if the 4GL runtime is going to add records into the _aud-audit-data table then AUDIT-ENABLED() will return true. Please test it and see. I think this is just something that will report runtime state from AUDIT-CONTROL or AUDIT-POLICY.

To enable auditing, the following commands should be executed in proenv:

prodb test_db empty // create an empty database named test_db
...
proutil test_db -C enableauditing area AuditData // enable auditing for the test_db

If the proutil ... enableauditing is not executed, then the auditing is not enabled. This means the AUDIT-ENABLED() will always return false and nothing will be inserted into _aud-audit-data. Even if we call commands like LOG-AUDIT-EVENT, nothing will be added into the db.

I believe the best way to simulate the proutil ... enableauditing functionality is by adding a flag in server/directory.xml.

I believe the best way to simulate the proutil ... enableauditing functionality is by adding a flag in server/directory.xml.

Agreed. This seems to be best done as a new flag for a given database in the persistence section.

Eric?

Greg Shah wrote:

I believe the best way to simulate the proutil ... enableauditing functionality is by adding a flag in server/directory.xml.

Agreed. This seems to be best done as a new flag for a given database in the persistence section.

Eric?

The persistence section is meant for cross-database configuration; database is meant for per-database configuration (persistence and database are at the same level; there is zero or one persistence node, zero or more database nodes).

If we want the flexibility to enable auditing on a per-database instance level, I would suggest putting this flag under .../database/<db_name>/. If there are options beyond on/off, I would make an audit container, with the first setting being enabled (defaults to false). If it is just on/off, I would suggest a boolean enable-auditing flag directly beneath .../database/<db_name>/.

The changes are in the p2j branch 6422a

Eric: This needs your code review.