v0.6.0

Added

• Support for @sap/cds^7.5

Fixed

• Automatic personal data modification logging for data subject details with renamed keys
• Data subject resolution in circular models

v0.5.2

Fixed

• Automatic personal data modification logging for deep data structures with renamings

v0.5.1

Fixed

• Falsy early exit during bootstrapping in case a service does not contain personal data

v0.5.0

Added

• Common log entry fields uuid, tenant, user and time can be provided manually

v0.4.0

Added

• Support for Premium plan of SAP Audit Log Service
• Support for XSUAA credential type x509
• Support for generic outbox

Changed

• Always use outbox (as configured in project)

Fixed

• Avoid dangling SELECTs to resolve data subject IDs, which resulted in "Transaction already closed" errors

v0.3.2

Fixed

• If the request has no tenant (e.g., Unauthorized), the audit log shall be sent to the provider account

v0.3.1

Fixed

• Defaulting of @PersonalData.DataSubjectRole to entity name
• Overriding service configuration

v0.3.0

Changed

• Default value for cds.requires['audit-log'].handle changed to ['READ', 'WRITE'], i.e., accessing sensitive data is now logged by default.

v0.2.0

Added

• Export class AuditLogService for extending in custom implementations as follows:

  const { AuditLogService } = require('@cap-js/audit-logging')
  class MyAuditLogService extends AuditLogService {
    async init() {
      [...]
      // call AuditLogService's init
      await super.init()
    }
  }
  module.exports = MyAuditLogService

v0.1.0

Added

• New API:
  • audit.log('<event>', <data>) for asynchronous logs (cf. emit)
  • await audit.logSync('<event>', <data>) for synchronous logs (cf. send)
• New REST API-based schema with auto-filled LogEntry aspect
• New events SensitiveDataRead, PersonalDataModified, ConfigurationModified, and SecurityEvent
• Full support for OAuth2 plan of SAP Audit Log Service

Changed

• Whether reading sensitive data and modifying personal data is logged is determined by cds.requires['audit-log'].handle: [...].
  Possible values in the array are READ and/ or WRITE, with WRITE as the sole default entry.
  Hence, accessing sensitive data is not logged by default.
• Integration with SAP Audit Log Service via REST API instead of client library (@sap/audit-logging)

Fixed

• Various glitches in log calculation

Removed

• Old events dataAccessLog, dataModificationLog, configChangeLog, and securityLog
• @AuditLog.Operation annotations are ignored. Having the plugin as dependency signals the intent to audit log.
• cds.features.audit_personal_data: true is no longer necessary. Instead, simply add the plugin as a dependency.