[Gnumed-devel] Audit schema inaccessible to regular users

[Busser, Jim]

Presently, it is not possible to include (in a query in the report generator) a 
selection from any of the tables in the audit schema. This is because - 
presently -that schema cannot even be read by anyone other than gm-dbo.

One option would be to make it possible, in the report generator, to input the 
gm-dbo password and permit the resulting queries to be made as gm-dbo.

A better option would be to adjust the audit schema so that where users had 
write access to the original tables, they would also have read access to the 
audit log versions of the tables, for example:

1)      staff has write access to create inbox items

        --> staff is allowed read access to 
                audit.log_message

2)      doctors have write access to clinical tables

        --> doctors are allowed read access to 
                audit.<clinical tables>


I would have trouble to understand why people should not have read access to 
the earlier versions of what they(or co-workers) had written when it might be 
necessary to review the previous values in order to retrieve a prematurely 
deleted piece of information (inbox or waitlist) or to unpuzzle what had 
happened with care when a value had gotten changed.

If queries of the audit log rows would escape being recorded when such viewing 
of information is needed to be captured under some privacy regulations, it 
should be remembered that the audit rows will in every case fail to disclose 
*current* information and will also many times fail to show *any* information 
because there will be no row in the audit table until an original was deleted 
or updated. This helps the issue (despite I agree does not fully solve it).

-- Jim