Audit Logging for Authorization Events
Provides an immutable audit trail for compliance and security monitoring.
§Features
- Immutable Audit Trail: Append-only logging of all authorization events
- Permission Check Logging: Track who accessed what, when
- Tuple Mutation Logging: Track all changes to authorization rules
- Configurable Sampling: Control logging overhead
- Compliance Reporting: SOC 2, GDPR, HIPAA audit queries
- Tamper-Proof Storage: Cryptographic integrity verification
§Example
```rust
use oxify_authz::audit::*;

// The `.await?` calls below assume an enclosing async function that returns a `Result`.
let config = AuditConfig::default()
    .with_sampling_rate(0.1) // Log 10% of checks
    .with_always_log_denials(true); // Always log denied access
let logger = AuditLogger::new(config);

// Log a permission check
let event = AuditEvent::permission_check(
    "user:alice",
    "document:123",
    "viewer",
    true, // allowed
    Some("tenant-123".to_string()),
);
logger.log(event).await?;

// Query audit trail
let events = logger.query_by_resource("document:123", None, None).await?;
println!("Found {} access events for document:123", events.len());
```
Structs§
- AuditConfig - Audit configuration
- AuditEvent - Audit event
- AuditLogger - Audit logger
- AuditStats - Audit statistics
- ComplianceReport - Compliance report
Enums§
- AuditEventType - Audit event type
- AuditStorageBackend - Audit storage backend