Unfortunately, AC data model has the only option to show 'who edited this item last' - Last Modified as a link to Operator who modified the item last time.
This is not enough because often I hear questions from colleagues like 'who modified workflow/delivery/template/campaign, and _what_ was changed?'
For some systems which haven't any security logs we have experience in creating triggers in the database which stores insert/update/delete transactions over particular tables somewhere in external tables/database. But it is not the case as we're using instance hosted by Adobe and don't have direct access to postgres to maintain such solution.
The other theoretical option is to modify soaprouter. As an entry-point of all Console-Server communication it knows exactly what requests are being sent from each user. But, once again, there is no option to modify soaprouter in case of hosted instance.
Does anybody have any experience in organizing any king of security logs/audit to keep track of changes made by users? Or probably there is a planned feature?
because GDPR European law that will apply in May 2018 requires such audit logs functionalities.
Some of these audit logs may be given by underlying RDBMS of course, where audit is done at table/row/column level at least for Oracle and SQL Server RDBMS.
But the GDPR regulation also requires to get logs at functional level: who extracted data for whom, etc. Such data traceability/ lineage is frequently given by ETL (Extract/Transform/Load) tools such as Informatica, Talend, Microsoft SSIS, etc.
But this question must be addressed by Adobe product and legal teams quickly.