SugarCRM does not keep track on record deletion

**chinwoei** · 2008-10-22, 02:54 AM

Hi guys,

Last time I did feedback that a security issue on the record deletion.
SugarCRM are not keep track on the user that delete a particular records.
Why??

**eNick** · 2008-10-22, 06:16 AM

Probably because that's a feature request not a security issue. Some companies trust their staff, some don't. You always have the option of preventing users from deleting records through their security role.

It's also simple enough to code up a logic hook to record deletions to a log file if it's something you need.

**kuske** · 2008-10-23, 08:36 AM

I inserted in the logic_hook for critical objects (e.g. contacts) for event "after_delete" the lines

PHP Code:

  $db = & PearDatabase::getInstance(); 
 
global $current_user;
$taeter = $current_user->id;
$query = "INSERT INTO contacts_audit (id,parent_id,date_created,created_by,field_name,data_type,before_value_string,after_value_string) ".
"VALUES (uuid(),'$focus->id',now(),'$taeter','deleted','bool','0','1');";
$result = $db->query($query, true,"Error auditing contacts.deleted: ");

Now I can see in deleted and restored objects history a delete entry.