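-- 022: Append-only audit logs (compliance-service)
--
-- Creates the audit_logs table and its lookup indexes. Every statement uses
-- IF NOT EXISTS so that re-running the migration is a no-op instead of failing
-- on the first CREATE INDEX (PostgreSQL 9.5+).
CREATE TABLE IF NOT EXISTS audit_logs (
    id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    -- Nullable: a row may be written without an actor.
    -- No ON DELETE clause, so PostgreSQL applies NO ACTION: deleting a user
    -- that still has audit rows is rejected, which keeps the trail intact.
    actor_id      UUID REFERENCES users(id),
    actor_role    VARCHAR(20),
    action        VARCHAR(100) NOT NULL,
    resource_type VARCHAR(50) NOT NULL,
    resource_id   UUID,
    -- Free-form event payload. NOTE(review): nothing here restricts what is
    -- stored; keep credentials and tokens out of it at the call sites.
    details       JSONB DEFAULT '{}',
    ip_address    INET,
    -- Client-supplied header value; treat as untrusted wherever it is displayed.
    user_agent    VARCHAR(500),
    -- Hash-chain columns. Presumably 66 chars = "0x" + 64 hex digits of a
    -- 256-bit digest; confirm against the writer. Both are nullable and carry
    -- no UNIQUE/CHECK constraint, so the database does not enforce chain
    -- continuity: integrity has to be verified by recomputing the chain.
    chain_hash    VARCHAR(66),
    previous_hash VARCHAR(66),
    created_at    TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

-- Append-only: no UPDATE or DELETE allowed (enforced at app level)
-- NOTE(review): nothing in this migration enforces that in the database. Any
-- role holding UPDATE, DELETE or TRUNCATE on audit_logs (including the service
-- role, if its credentials leak) can rewrite or erase history. Consider
-- revoking those privileges from the application role and adding a
-- BEFORE UPDATE OR DELETE trigger that raises, so that tampering needs
-- owner-level access and the hash chain is not the only line of defence.
CREATE INDEX IF NOT EXISTS idx_audit_logs_actor_id
    ON audit_logs (actor_id);

CREATE INDEX IF NOT EXISTS idx_audit_logs_action
    ON audit_logs (action);

CREATE INDEX IF NOT EXISTS idx_audit_logs_resource
    ON audit_logs (resource_type, resource_id);

CREATE INDEX IF NOT EXISTS idx_audit_logs_created_at
    ON audit_logs (created_at DESC);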