Admin Audit Events Overview - hmislk/hmis GitHub Wiki
Audit Events — Overview and Viewing
Overview
The Audit Events system records a timestamped log of who changed what, and when, across key entities in HMIS. Every create, update, activate, and deactivate operation on departments, institutions, and other managed entities writes an audit event. This provides full traceability for compliance, troubleshooting, and governance.
When to Use
- Investigating when a department was deactivated and who did it
- Verifying that a configuration change was made
- Compliance audits requiring change history
- Tracing the source of an unexpected system state
What Is Audited
The following events are captured:
| Action | Example Event |
|---|---|
| Create | "Create Department" |
| Update | "Update Department" |
| Delete | "Delete Department" |
| Activate | "Activate Department" |
| Deactivate | "Deactivate Department" |
Similar event types exist for institutions, sites, and other audited entities.
Person (practitioner) demographic edits are also audited: editing a Staff, Doctor, or Consultant's underlying Person record raises a createPerson or updatePerson event with before/after values for name, date of birth, NIC, and other demographic fields. See Audit Trail on Practitioner Records for details.
Navigating to Audit Events
All audit events (system-wide): Navigate to Administration → Manage Metadata → Data Administration → All Audit Events
Department-specific:
- Click Administration → Manage Institutions → Departments
- Select a department
- Click History from the action buttons
Institution-specific: Navigate to Institution management and click History on the selected institution
Site-specific: From Site Management, select a site and click History
The Audit Event Table
Each audit event record shows:
| Column | Description |
|---|---|
| ID | Internal record identifier |
| Date / Time | When the event occurred |
| Action | The event type — colour-coded: green=Create, yellow=Update, red=Delete, teal=Activate, grey=Deactivate |
| User | The username of the person who made the change |
| Changes | A diff showing what fields changed and their before/after values |
| Status | Completed (green), Failed (red), or Pending (yellow) |
| IP Address | Network address of the device used |
Click Refresh Events to reload the latest events.
Filtering and Searching
The audit table supports pagination. Click column headings to sort. The table loads with 20 events per page by default; use the paginator to change to 10, 50, or 100 per page.
Department Audit Details
When viewing department audit events, the top section shows the department's current state:
- Name, Code
- Status (Active / Inactive badge)
- Department Type
- Institution and Site
- Total number of audit events
Technical Notes (Admin/Developer)
Audit events are stored as AuditEvent entities. The eventTrigger field holds the action name. The difference field holds a diff string comparing old and new values. The webUserId field stores who made the change (resolved to a name via webUserController.findWebUserNameWithTitleById()). AuditEventApplicationController handles async logging via @Asynchronous EJB. departmentController.fillDepartmentAuditEvents() loads department-specific events.