> For the complete documentation index, see [llms.txt](https://activiti.gitbook.io/activiti-7-developers-guide/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://activiti.gitbook.io/activiti-7-developers-guide/components/activiti-cloud-application/audit-service.md). # Activiti Cloud Audit Service The Audit Service module provides Audit capabilities. This module is in charge of consuming one or more Runtime Bundle Events and storing them into the Event Store. Our default implementation consists of a simple JPA implementation which consumes messages emitted by Runtime Bundles and store them as they arrive. The audit service doesn't do any data manipulation. There is also a MongoDB implementation, which makes your life easier if you want to query events that are stored in JSON format. ![](/files/-LHE-GJSl7fYh5SYJjzB) ## Specification The core business logic for the Audit Service module can be found [here](https://github.com/Activiti/activiti-cloud-audit-service). You can take these implementations as the specification for the Audit component and use them as the base for your own custom implementation. We recognise that different use cases might require different technologies to perform under different circumstances. For that reason we provide a reference implementation that does the work, but we promote alternative approaches when needed. If you are interested in contributing an alternative or extensions for our reference implementations we encourage you to get in touch. ## Parameters Queries to REST endpoints can be restricted using parameters to match data fields. For example: `/audit/v1/events?processInstanceId={processInstanceId}` `/audit/v1/events?eventType={eventType}` ## Security and Permissions By default only admin users can access everything. The endpoints that begin with /admin/ can be opened up by passing the role 'user' as the value of the ACTIVITI\_ADMIN\_ROLE environment variable. Event data can be restricted to particular users or roles. This can be done by adding properties such as: activiti.cloud.security.user.testuser.rb-app-name.policy.read=defKey1 activiti.cloud.security.user.hruser.rb-app-name.policy.read=defKey2 Or a wildcard '\*' can be used. Here rb-app-name is the name of a runtime bundle application. Or environment variables can be used such as `ACTIVITI_CLOUD_SECURITY_USER_HRUSER_RBMYAPP_POLICY_READ=SimpleProcess` `ACTIVITI_CLOUD_SECURITY_GROUP_HR_RBMYAPP_POLICY_WRITE=SimpleProcess` `ACTIVITI_CLOUD_SECURITY_GROUP_TESTGROUP_RBMYAPP_POLICY_WRITE=*` ## Spring Boot Starters You can find the Spring Boot 2.x starters used to create our Docker Images and Spring Boot enabled services in the following repository: [Activiti Cloud Audit Services & Spring Boot Starters](https://github.com/Activiti/activiti-cloud-audit-service) ## Implementations * [Activiti Cloud Audit Service - JPA (Reference )using Spring Data JPA](https://github.com/Activiti/activiti-cloud-audit/) * [Activiti Cloud Audit Service - Mongo DB](https://github.com/Activiti/activiti-cloud-audit-mongodb/) ## Docker Images * [Activiti Cloud Audit Service -> JPA (Reference) Docker Image](https://hub.docker.com/r/activiti/activiti-cloud-audit/) * [Activiti Cloud Audit Service -> MongoDB Docker Image](https://hub.docker.com/r/activiti/activiti-cloud-audit-mongodb/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://activiti.gitbook.io/activiti-7-developers-guide/components/activiti-cloud-application/audit-service.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.