[Baypiggies] The Django admin and SOX compliance

Deirdre Saoirse Moen deirdre at deirdre.net
Wed Dec 9 19:06:59 EST 2020


On Wed, Dec 9, 2020, at 3:02 PM, Shannon -jj Behrens wrote:
> If you think about being compliant with certain things like SOX, SOC2, ISO 27001/2, one of the things you have to do is get a lot more careful about who can view and modify data. Consider the idea where you have a Django admin which allows you to mutate a bunch of the data in your database. Now, imagine a bunch of customer support agents making use of this Django admin in order to make changes on an as-needed basis.
> 
> Now, imagine you want to add some workflow on top of this. Let's say a support agent needs to change some row (model object). However, we want such changes to be approved before making the change.

In Rails projects, I've just previously added a version (and tracking info like date and who made the change) to the data, and then incremented the version number when saving the record, with the unique key being the original UUID + the version. I haven't tried this in Django.

There's also the wrinkle of documenting schema changes, because it's possible to lose data that way when it's transformed. In Rails, there was the acts_as_versioned gem, now succeeded by paper_trail, to handle that case. (This was above and in addition to migrations.)

Once you've got it out of the database, looks like pyrsistent may help. In any case, I'm contributing to a project that uses it.

Deirdre
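A sketch of the two ideas in this thread, append-only versioning keyed by UUID + version (with who and when) and an approval gate in front of the change, added here as an example and not code from either poster. It uses sqlite3 in place of Django models so it runs stand-alone; the table name, the status values and the rule that a proposer cannot review their own change are assumptions.

```python
import sqlite3
import uuid
from datetime import datetime, timezone

# Constructed schema (not from the thread): one row per change, keyed by
# (id, version). Rows are appended, never rewritten, except for the review verdict.
SCHEMA = """
CREATE TABLE record_versions (
    id TEXT NOT NULL, version INTEGER NOT NULL, data TEXT NOT NULL,
    changed_by TEXT NOT NULL, changed_at TEXT NOT NULL,
    status TEXT NOT NULL CHECK (status IN ('pending', 'approved', 'rejected')),
    reviewed_by TEXT,
    PRIMARY KEY (id, version)
);
"""

class VersionedStore:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)

    def propose(self, data, actor, record_id=None):
        """Stage a change as a new pending version; the live data is untouched."""
        rid = record_id or str(uuid.uuid4())
        (last,) = self.db.execute(
            "SELECT COALESCE(MAX(version), 0) FROM record_versions WHERE id = ?", (rid,)).fetchone()
        self.db.execute("INSERT INTO record_versions VALUES (?, ?, ?, ?, ?, 'pending', NULL)",
                        (rid, last + 1, data, actor, datetime.now(timezone.utc).isoformat()))
        self.db.commit()
        return rid, last + 1

    def review(self, rid, version, reviewer, approve):
        """Separation of duties (assumed rule): the proposer cannot approve their own change."""
        row = self.db.execute("SELECT changed_by, status FROM record_versions "
                              "WHERE id = ? AND version = ?", (rid, version)).fetchone()
        if row is None or row[1] != "pending":
            raise ValueError("no pending change for that id/version")
        if row[0] == reviewer:
            raise PermissionError("proposer may not review their own change")
        self.db.execute("UPDATE record_versions SET status = ?, reviewed_by = ? "
                        "WHERE id = ? AND version = ?",
                        ("approved" if approve else "rejected", reviewer, rid, version))
        self.db.commit()

    def current(self, rid):
        """Latest approved data, or None if nothing has been approved yet."""
        row = self.db.execute("SELECT data FROM record_versions WHERE id = ? AND status = 'approved' "
                              "ORDER BY version DESC LIMIT 1", (rid,)).fetchone()
        return row[0] if row else None
```

The table itself is the audit trail: every proposed, approved and rejected version stays, with actor, timestamp and reviewer, and nothing reaches `current()` without a second person signing off.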