Description
TL;DR: This feature request describes data access and modification logging which is a legal requirement that presumably 99% of app providers using Parse Server / Parse Dashboard currently fail to meet.
Is your feature request related to a problem? Please describe.
Parse Server offers data access and manipulation via its Parse Dashboard. For the dashboard to be usable in a business (or even "hobby developer") environment, Parse Server needs to comply with GDPR if it handles data of "EU users"*.
The dashboard is the main (and only?) tool of Parse Server for quick and easy manual data view and manipulation. It would be beneficial for many users if the dashboard (in connection with parse server) complied with GDPR.
Describe the solution you'd like
A mechanism that logs:
- User login
- Data view
- Data manipulation (entry / modification)
- Schema manipulation
- ACL manipulation
- Push sending
The easiest way would probably be to add a logging mechanism to the Parse Dashboard alone, without any modification of Parse Server, if that's possible. It should store the logs in a separate file, so these logs files can be easily dealt with according to archiving requirement of GDPR (audit-proof, etc).
Describe alternatives you've considered
Not making the dashboard GRPD compliant would render it legally unusable for aforementioned data.
Alternatives:
- Data manipulation directly in the DB; that shifts the GDPR compliance requirement to the DB interface.
- Create a separate app with user management and logging, essentially replicating functions of the parse dashboard.
Additional context
- GDPR compliance requires the logging of data access and data modification (among many other things) for data of EU residents (regardless of citizenship) and EU citizens (regardless of residency). GDPR is enforceable since 25 May 2018.