Audit Compliance Center
An enterprise-wide unified audit and compliance center built on the latest RuoYiPlus backend architecture: 5 DOs, 5 Controllers, and menu IDs starting from 10500.
Module Scale
| Metric | Value |
|---|---|
| Data Objects (DO) | 5 |
| Controllers | 5 |
| Menu ID Start | 10500 |
| Maven Module | yudao-module-audit |
Core Data Tables
| Table Name | Description |
|---|---|
| audit_event | Audit Event |
| audit_block | Audit Block |
| audit_rule | Audit Rule |
| audit_statistics | Audit Statistics |
| audit_auditor | Auditor |
Core Positioning
In one sentence: Audit is the platform’s “black box”, recording the complete chain of all key operations and using blockchain technology to ensure data immutability, meeting Level 3 classified protection and financial-grade audit requirements.
What Problems Does It Solve
| Pain Point | Traditional Approach | RuoYiPlus Audit Solution |
|---|---|---|
| No operation traceability | Logs scattered across services | Unified audit event collection center |
| Data may be tampered with | Regular database logs | Blockchain hash chain proof |
| Low audit efficiency | Manual log checking | Change comparison + risk scoring + automated reports |
| Non-compliant | Incomplete logs | Covers all Level 3 classified protection audit requirements |
Who Is It For
- Enterprises that need to pass Level 3 classified protection certification
- Heavily regulated industries such as finance and healthcare
- Internal management systems that require audit trails
User Roles
graph TB
subgraph "Audit User Roles"
AUDITOR["Auditor<br/>Review operation logs, generate reports"]
SECURITY["Security Administrator<br/>Configure audit rules, risk strategies"]
ADMIN["System Administrator<br/>Manage audit storage, archiving policies"]
DEV["Developer<br/>Integrate audit SDK"]
end
AUDITOR -->|Review| LOG["Operation Logs"]
AUDITOR -->|Generate| REPORT["Compliance Reports"]
SECURITY -->|Configure| RULE["Audit Rules"]
SECURITY -->|Monitor| ALERT["Risk Alerts"]
ADMIN -->|Manage| STORAGE["Storage Policies"]
DEV -->|Integrate| SDK["Audit SDK"]
Core Collaboration Flow
Audit Event Full Chain
sequenceDiagram
participant BIZ as Business System
participant AUDIT as Audit Center
participant BC as Blockchain Service
participant REPORT as Report Engine
BIZ->>AUDIT: Report operation event
AUDIT->>AUDIT: Event parsing + standardization
AUDIT->>AUDIT: Change comparison (before/after)
AUDIT->>AUDIT: Risk scoring
AUDIT->>BC: Generate block hash
BC->>BC: Link to previous block
AUDIT->>AUDIT: Tiered storage (hot/cold)
REPORT->>AUDIT: Scheduled compliance report generation
Audit Event Types
graph TB
subgraph "Audit Event Collection"
A1["Login Audit<br/>Login/Logout/Failure"]
A2["Operation Audit<br/>Create/Update/Delete/Query"]
A3["Permission Audit<br/>Role/Permission Changes"]
A4["Export Audit<br/>Data Export/Report Download"]
A5["Sensitive Audit<br/>Critical Data Access"]
A6["API Audit<br/>Call Statistics"]
end
subgraph "Audit Processing"
B1["Event Parsing"]
B2["Change Comparison"]
B3["Risk Scoring"]
end
A1 & A2 & A3 & A4 & A5 & A6 --> B1
B1 --> B2 --> B3
Blockchain Hash Chain
graph TB
subgraph "Genesis Block"
G1["blockHash = SHA256(data)"]
end
subgraph "Block N"
BN1["blockHash = SHA256(data + prevHash)"]
BN2["previousHash = Block N-1 hash"]
end
subgraph "Block N+1"
BN3["blockHash = SHA256(data + prevHash)"]
BN4["previousHash = Block N hash"]
end
G1 --> BN2
BN1 --> BN4
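An added example, not RuoYiPlus code: a minimal Python verifier for the hash chain in the diagram above, using the page's two formulas. The JSON canonicalization, the `trusted_head` parameter and the sample events are assumptions made for illustration.

```python
import hashlib
import json

def canonical(event):
    # Assumed serialization: sorted keys, no whitespace, so equal events hash equally.
    return json.dumps(event, sort_keys=True, separators=(",", ":"), ensure_ascii=False)

def block_hash(data, previous_hash):
    # Page formula: genesis = SHA256(data), later blocks = SHA256(data + prevHash).
    payload = data if previous_hash is None else data + previous_hash
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append_block(chain, event):
    prev = chain[-1]["blockHash"] if chain else None
    data = canonical(event)
    chain.append({"data": data, "previousHash": prev, "blockHash": block_hash(data, prev)})
    return chain[-1]

def verify_chain(chain, trusted_head=None):
    """Return (ok, index of first inconsistent block or None).

    trusted_head is the latest blockHash as recorded outside the audit
    database (an assumption of this example); a mismatch returns (False, None).
    """
    prev = None
    for i, block in enumerate(chain):
        if block["previousHash"] != prev or block_hash(block["data"], prev) != block["blockHash"]:
            return False, i
        prev = block["blockHash"]
    if trusted_head is not None and prev != trusted_head:
        return False, None
    return True, None

# Constructed sample events, shaped like the page's audit event record.
SAMPLE_EVENTS = [
    {"eventId": "evt_20240101_001", "userId": "user_10001", "actionType": "UPDATE", "resourceId": "cust_20001"},
    {"eventId": "evt_20240101_002", "userId": "user_10001", "actionType": "EXPORT", "resourceId": "cust_20001"},
    {"eventId": "evt_20240101_003", "userId": "user_10002", "actionType": "DELETE", "resourceId": "cust_20002"},
]

def build_chain(events):
    chain = []
    for event in events:
        append_block(chain, event)
    return chain

if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    print(verify_chain(chain))                       # intact chain
    chain[1]["data"] = chain[1]["data"].replace("EXPORT", "QUERY")
    print(verify_chain(chain))                       # edited row is located
```

Recomputing the hashes only shows that the stored blocks are consistent with each other, so the newest blockHash should also be compared against a copy kept outside the audit database.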
Audit Event Content
{
  "eventId": "evt_20240101_001",
  "timestamp": "2024-01-01 10:30:00.123",
  "userId": "user_10001",
  "userName": "Zhang San",
  "userIp": "192.168.1.100",
  "actionType": "UPDATE",
  "resourceType": "customer",
  "resourceId": "cust_20001",
  "changes": {
    "name": {"old": "Old Name", "new": "New Name"},
    "phone": {"old": "13800001111", "new": "138****2222"}
  },
  "riskLevel": 2,
  "duration": 125
}
Audit Scope
| Audit Type | Audit Content | Granularity | Retention Period |
|---|---|---|---|
| Login Audit | Login/Logout/Failure | Per event | 1 year |
| Operation Audit | Create/Update/Delete/Query | Per event | 3 years |
| Permission Audit | Role changes/Permission adjustments | Per event | Permanent |
| Export Audit | Data export/Report download | Per event | 3 years |
| Sensitive Audit | Critical data access | Per event | Permanent |
| API Audit | API call statistics | Aggregated | 1 year |
Sensitive Operation Alerts
audit:
  alert-rules:
    - event: "Data Export"
      threshold: 10
      window: 10m
      action: "notify_admin"
    - event: "Batch Delete"
      action: "require_approval"
    - event: "Permission Change"
      condition: "after_role = admin"
      action: "notify_security"
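An added example, not RuoYiPlus code: a Python sketch of how the three rules above could be evaluated over a stream of audit events. It assumes the threshold is counted per user and fires once the count reaches it inside the window, that `condition` is a single `field = value` test, and that events carry `event`, `userId`, `timestamp` and `after_role` fields; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Mirrors the alert-rules above; "10m" is written as a timedelta.
RULES = [
    {"event": "Data Export", "threshold": 10, "window": timedelta(minutes=10), "action": "notify_admin"},
    {"event": "Batch Delete", "action": "require_approval"},
    {"event": "Permission Change", "condition": "after_role = admin", "action": "notify_security"},
]

def condition_matches(condition, event):
    # Assumed grammar: one "field = value" equality test against the event.
    field, _, expected = (part.strip() for part in condition.partition("="))
    return str(event.get(field)) == expected

def evaluate(events, rules=RULES):
    """Return [(action, userId, timestamp)] for each alert raised, in time order."""
    windows = defaultdict(deque)  # (rule index, userId) -> timestamps inside the window
    fired = []
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        for idx, rule in enumerate(rules):
            if ev["event"] != rule["event"]:
                continue
            if "condition" in rule and not condition_matches(rule["condition"], ev):
                continue
            if "threshold" in rule:
                recent = windows[(idx, ev["userId"])]
                recent.append(ev["timestamp"])
                while ev["timestamp"] - recent[0] > rule["window"]:
                    recent.popleft()
                if len(recent) < rule["threshold"]:
                    continue
                recent.clear()  # one alert per burst, then start counting again
            fired.append((rule["action"], ev["userId"], ev["timestamp"]))
    return fired

def sample_events(base=datetime(2024, 1, 1, 10, 0)):
    # Constructed events: a fast exporter, a slow exporter, one delete, two role changes.
    mins = lambda n: base + timedelta(minutes=n)
    events = [{"event": "Data Export", "userId": "user_10001", "timestamp": mins(i)} for i in range(10)]
    events += [{"event": "Data Export", "userId": "user_10002", "timestamp": mins(2 * i)} for i in range(10)]
    events.append({"event": "Batch Delete", "userId": "user_10003", "timestamp": mins(30)})
    events.append({"event": "Permission Change", "userId": "user_10004", "after_role": "admin", "timestamp": mins(31)})
    events.append({"event": "Permission Change", "userId": "user_10005", "after_role": "auditor", "timestamp": mins(32)})
    return events

if __name__ == "__main__":
    for alert in evaluate(sample_events()):
        print(alert)
```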
Business Value
| Value Point | Description |
|---|---|
| Compliance Achievement | Meets Level 3 classified protection and financial audit requirements |
| Tamper-proof | Blockchain hash chain, data non-repudiation |
| Traceable | Full-chain audit, replayable operations |
| Automated Reports | Scheduled compliance report generation |
| Risk Early Warning | Real-time risk scoring + anomaly alerts |