Skip to main content
All docs

Audit Trail Module (XPO)

  • 5 minutes to read

The AuditTrailModule is implemented by the DevExpress.ExpressApp.AuditTrail.Xpo.v23.1.dll assembly. Install the DevExpress.ExpressApp.AuditTrail.Xpo NuGet package and use one of the following techniques to add the Audit Trail module:

Check that the DevExpress.Persistent.Base.v23.1.dll assembly is referenced in your application, since it contains XAF-independent services used by the Audit Trail module.

After the necessary assemblies listed above have been referenced, all persistent objects in the application will be audited. The default audit settings are described below.

  • All persistent classes (inherited from the Base Persistent Classes) are audited by the Audit Trail system.
  • All public simple and reference properties owned by persistent classes are audited. However, read-only properties (properties with no set accessor) are not audited.
  • All public collection properties owned by persistent classes are audited.
  • All object changes - object creation, deletion and modification, names of modified properties, initial and actual values of properties are fully audited. Current user name provided by the Security System is also saved.
  • Audit information is logged to the application database.
  • The real values of properties stored as blob data (e.g., images) are not saved. The “Blob data” string is saved instead.
  • The null values are saved as the “N/A” string.

When the object is modified in the Detail View, the initial values are copied immediately when an object has been loaded. When the object is modified in Editable List View, initial values are copied in the BaseObjectSpace.ObjectChanged event. The actual values are collected and saved in a separate UnitOfWork in the BaseObjectSpace.Committed event.

The following table lists the changes which are logged by the Audit Trail module:

Change Description
ObjectCreated The audited object has been created.
InitialValueAssigned An initial value has been assigned to the audited object before the first save.
ObjectChanged The audited object’s property has been changed.
ObjectDeleted The audited object has been deleted.
AddedToCollection The audited object has been added to a collection.
RemovedFromCollection The audited object has been removed from a collection.
CollectionObjectChanged An object from the audited object has been changed.
AggregatedObjectChanged The object aggregated by the audited object has been changed.
CustomData Custom data has been added to the audit log.

In code, changes are represented by the AuditDataItem class. This class’ properties are logged. By default, they are saved to the database by an AuditDataStore object. This object creates an AuditDataItemPersistent persistent object and saves it to the database. To save changes represented by the AuditDataItem objects in another storage, inherit a custom class from the AuditDataStore class and override the Save method (see the Customize the Audit Trail System topic).

To analyze the audit log, you need to know what database tables represent it. With the Audit Trail module, the following tables are added to the database:

  • AuditDataItemPersistent

    Represents the table where the AuditDataItemPersistent objects are stored. Each time one of the changes listed above is made, a new record is added to this table. The table’s AuditedObject field contains references to the corresponding records in the AuditObjectWeakReference table. The OldObject and NewObject fields contain references to the corresponding records in the XPWeekReference table. These fields’ string representations are stored into the OldValue and NewValue fields, respectively.


    • The AuditedObject is null for deleting operation when the deferred deletion option is disabled for the audited type. Use the DeferredDeletionAttribute to enable it.
    • For collection modification entries (AddedToCollection, RemovedFromCollection, CollectionObjectChanged, AggregatedObjectChanged), a reference to the modified persistent object along with the object’s string representation are always stored into the OldObject / OldValue fields.
    • The Security System creates a default user that cannot access or change the audit data records. To allow a user to access these records, grant a type permission for AuditDataItemPersistent, AuditedObjectWeakReference, and XPWeakReference.
  • XPWeakReference

    Contains data on the objects that have been changed. Object identifiers are stored as strings.

  • AuditedObjectWeakReference

    Contains data on both the objects that have been changed and the objects that have taken part in a change. Object identifiers are stored in the GuidId or IntId field, depending whether they are stored as Guid or integer values. So, the AuditedObjectWeakReference table represents a more convenient way to access object data than via the XPWeakReference table.

It is possible to lose some of the object changes, if these changes are performed within a session that is not audited. This can occur if you manually create a Session or UnitOfWork. To avoid such a failure, use the Application.CreateObjectSpace method, when you need to create your own Session or UnitOfWork:

IObjectSpace objectSpace = Application.CreateObjectSpace(typeof(MyBusinessClass));


Do not write a statement like the following:

Session session = new Session(...);
See Also