Topics Map > Models

LCS - Adding an audit log to your application

For applications that are displaying sensitive or restricted data an audit log of who accessed, created, updated, or deleted that data is required by the Office of Cybersecurity. This guide will walk you through capturing that data.

Setup

For New Applications that contain data that would fall under this need we will have a new application template that will include these setup steps. You can skip to the implementation. 

If you need to retro fit an existing application, identify the pages and models that need to be under audit logging. 

Create a new Model called “Audit log” it should have at least the following custom properties added to it. 

Table of Custom Properties for an Audit Log

Accessed By (NetID) 

Text 

Type 

List (access, create, update, delete) 

Page Accessed (Name or Path) 

Text 

Model Name 

Text 

Record ID 

Text 

Content changed 

Text Multi-line 

Action Taken By

text (email or EmplID of the user that made the change/access)

Since Application Users don’t need to read these logs No role should have read access.  

Implementation

Access Log 

The way we will get page access into the log is via a standard form component and 3 hidden fields, one field to pass the page name and another to pass the ID of the record and the final to pass the Model. If it’s a collection or multiple models records add them all. If you have custom requirements, you can add these as hidden fields here as well. 

Delete both the success and error alerts, this will be a completely silent form submission with no interactions. To ensure you can capture all the needed data the form will need to be inside your data containers at least until Page variables are viable. 

Then in the action create a new audit log record with the values from the form.

Create Update Delete Log 

Prerequisites for this is to install the Compare Records and Sub Action Blocks from the block store. 

Once installed, identify every action that you are creating, updating or deleting and data that would fall under audit requirement.  

Create  

For create steps this would be like the Access log add a create step and provide the relevant data to the create. (user, type, model, resulting ID). 

Delete 

Like create add a create step after the deletion step and add the relevant information (user, type, model, record ID).

Update 

You have two options you could create a sub action to do the creation of the audit record, or you could just put it inline I will outline both options. 

Sub Action 

Create a sub action for create Audit log. the input will be the new record from the update step, the original record, Model name and Record ID of the change.  

Add the Compare Record step and follow the instructions in KB (https://kb.wisc.edu/lowcodesolutions/139036) to set that up. 

Once you have the step configured and returning the compare. Add a create step and fill out the relevant properties (user, type, model, record id, content changes) 

Then in each action call the Sub action and provide the correct inputs.

Inline 

In each action add the Compare Record step and follow the instructions in KB (https://kb.wisc.edu/lowcodesolutions/139036) to set that up. 

Once you have the step configured and returning the compare. Add a create step and fill out the relevant properties (user, type, model, record id, content changes). 



Keywords:
Audit, logging, access, security, hipaa, ephi, ferpa 
Doc ID:
149297
Owned by:
Celia P. in Low Code Solutions
Created:
2025-03-24
Updated:
2025-04-03
Sites:
DoIT Enterprise Business Systems - Low Code Solutions