Do you mean who execute the whole script ? is this really important ?
I think the important part is to know who add the changeSet, and you can do it just adding author property.
…
But I’m also curious on what people say about your question.
Do you mean who execute the whole script ? is this really important ?
I think the important part is to know who add the changeSet, and you can do it just adding author property.
…
But I’m also curious on what people say about your question.
I thought this would be a common question, but I cannot find any related information…
How do people track, which user actually applied the Liquibase changes to the database? Seems like a very fundamental question in the SOX world that many people live in today?
Our auditors need to know “who” ran the script in production - would be great if it was in the databasechangelog table?
How do you get around this problem (or answer the question?)
Thanks. Phil
Thanks for your suggestion… The author is great for “who wrote” the change set, but does not answer who applied it to the database
I think it is more about trace-ability. What if the change was not supposed to be applied until the end of the day, or next week? How would you ever know who ran the liquibase update? Or, who ran the change set for this release? From an “audit” perspective, this is way more important than the author.
Plus, I’m sure every shop is different, but the person who actually runs the update, may be one of a dozen people. I have no idea of know who actually ran it. It seems like we will have to manually backtrack each change set id, back to JIRA to pull this information. - kind of a pain, IMHO!
Really, this is not a question anyone else ever gets asked? If not, how do I make my “auditor types” happy?
Thanks!
Currently Liquibase doesn’t do any sort of audit tracking. The author field on the changeSet can be used to track the original author of the changeSet, but it is not who actually ran the changeSet and can easily be spoofed.
I’ve tended to assume that tracking database interactions for auditing purposes would be handled externally from liquibase since there is often those processes already in place. However, there are some options to build support into Liquibase through the extension system. The easiest would probably be through a ChangeExecListener.
Alternately, I know that auditing is one of the features being looked at in DaticalDB (http://www.datical.com/Liquibase/). You can contact them for more information on what they are building on top of Liquibase.
Nathan