Story: Provenance and actor stamping
This page documents a story in Sprint 13. It captures the goal, current status, acceptance criteria, and the tasks that compose it.
Goal
Get audit stamping honest: remove the current_user escape hatch, route the actor through the app.current_actor GUC, and validate every modified_by / performed_by site.
Status
| Field | Value |
|---|---|
| State | DONE |
| Parent sprint | Sprint 13 |
| Now | Completed 2026-02-21. |
| Waiting on | None. |
| Next | None. |
| Last touched | 2026-02-21 |
Acceptance
- Escape hatch in ores_iam_validate_account_username_fn removed.
- Foundation populate ordered so service accounts seed first.
- ores_iam_current_actor_fn reads the GUC; fallback explicit.
- Silent current_user defaults for assigned_by replaced with validated calls.
Tasks
| Task | State | Start | End | Description |
|---|---|---|---|---|
| Fix performed_by and modified_by stamping | DONE | 2026-05-20 | 2026-02-21 | Remove current_user escape hatch from ores_iam_validate_account_username_fn; reorder foundation_populate.sql so IAM service accounts populate first; introduce ores_iam_current_actor_fn reading app.current_actor GUC; use resolved actor in all inserts under ores_iam_provision_tenant_fn; replace silent current_user defaults for assigned_by in image_tags + account_roles. |
Decisions
- Bootstrap-aware validation: rather than a global escape hatch, validation knows about bootstrap explicitly.
- Actor via GUC, not parameter: keeps the signature surface small; sessions populate the GUC on acquire.
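An illustrative sketch of the two decisions above in PostgreSQL, added here as an example and not the project's own code. The function names are the page's; the function bodies, the p_bootstrap parameter, the iam_account table and the 'system' username are assumptions.

```sql
-- Example (assumption): the session carries the actor in a GUC, a resolver
-- reads it with an explicit failure path, and stamping sites call the
-- validated resolver instead of defaulting to current_user.

-- Populate the GUC once per connection on acquire (session-local: is_local = false).
SELECT set_config('app.current_actor', 'alice', false);

CREATE OR REPLACE FUNCTION ores_iam_current_actor_fn()
RETURNS text LANGUAGE plpgsql STABLE AS $$
DECLARE
    -- missing_ok = true returns NULL instead of raising when the GUC is unset.
    v_actor text := current_setting('app.current_actor', true);
BEGIN
    -- Explicit fallback: fail loudly rather than silently stamping current_user.
    IF v_actor IS NULL OR v_actor = '' THEN
        RAISE EXCEPTION 'app.current_actor is not set for this session';
    END IF;
    RETURN v_actor;
END;
$$;

-- Bootstrap-aware validation: the caller names the bootstrap case explicitly
-- (p_bootstrap is an assumed parameter) instead of a global escape hatch.
CREATE OR REPLACE FUNCTION ores_iam_validate_account_username_fn(
    p_username text, p_bootstrap boolean DEFAULT false)
RETURNS text LANGUAGE plpgsql STABLE AS $$
BEGIN
    -- During foundation populate the service accounts are being seeded,
    -- so only the designated seed account ('system' is a placeholder) is allowed through.
    IF p_bootstrap AND p_username = 'system' THEN
        RETURN p_username;
    END IF;
    -- iam_account is an assumed table name; the actor must be a known account.
    IF NOT EXISTS (SELECT 1 FROM iam_account WHERE username = p_username) THEN
        RAISE EXCEPTION 'unknown actor "%"', p_username;
    END IF;
    RETURN p_username;
END;
$$;

-- A stamping site: validated resolver call in place of DEFAULT current_user.
CREATE TABLE image_tags (
    id          bigserial PRIMARY KEY,
    tag         text NOT NULL,
    assigned_by text NOT NULL
        DEFAULT ores_iam_validate_account_username_fn(ores_iam_current_actor_fn())
);
```

An insert on image_tags from a session that never set app.current_actor now fails instead of recording the database role, and an unknown actor name is rejected at the stamping site.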
Out of scope
- Audit-trail UI surface.
See also
- Audit trail and system account (sprint 12) — predecessor work.