Comment by michaelt
20 hours ago
> You would still have an audit log of the deletion of that email record by the superuser, even if the content is deleted.
If needing things wiped from the audit logs happens often, you might indeed have an audited interface for wiping things from the audit logs.
But if it's very rare? Maybe I just request the production database password for "Incident #12345" and run some careful SQL.
> And there would be other records generated to document the deletion, like I'm sure a long email or slack thread
For sure - but the account capable of deleting entries from the audit logs exists
And if I am ordered to hand it over to someone who doesn't care to explain their actions on slack? Then there won't be any explanations in slack.
No comments yet
Contribute on Hacker News ↗