Data inalterability check report¶
Tax authorities in some countries require companies to prove their posted accounting entries are unaltered, meaning that once an entry has been secured, it can no longer be changed.
Để làm điều này, Odoo tạo một dấu vân tay duy nhất cho mỗi bút toán được bảo mật nhờ thuật toán SHA-256. Dấu vân tay này được gọi là hash. Hash được tạo bằng cách lấy dữ liệu cần thiết của bút toán (các giá trị của các trường name, date, journal_id, company_id, debit, credit, account_id và partner_id), nối chúng lại và đưa vào hàm hash SHA-256, sau đó xuất ra một chuỗi ký tự có kích thước cố định (256 bit). Hàm hash là hàm xác định (cùng một đầu vào luôn tạo ra cùng một đầu ra): bất kỳ sửa đổi nhỏ nào đối với dữ liệu gốc sẽ thay đổi hoàn toàn hash tương ứng. Do đó, trong số các thuật toán, thì thuật toán SHA-256 thường được sử dụng để xác minh tính toàn vẹn của dữ liệu.
In addition, the previous entry's hash is always added to the next entry to form a hash chain. This is used to ensure a new entry is not added afterward between two secured entries, as doing so would break the hash chain.
Ghi chú
Hashes generated by the SHA-256 algorithm are theoretically not unique, as there is a finite number of possible values. However, this number is exceptionally high: 2²⁵⁶, which is a lot bigger than the number of atoms in the known universe. This is why hashes are considered unique in practice.
Inalterability features¶
Inalterability features can be enabled by activating the secure posted entries with hash option on any journal or using the secure entries wizard.
Two indicators are added to the journal entry's form view. They show whether the entry is secured or not.
A or (lock icon) next to the Posted state.
A Secured checkbox in the Other info tab.
A Not Secured filter is available on journal entries and journal items' list views. It can be used to find posted journal entries that are not secured yet.
The option to open the secure entries wizard is displayed in the Accounting menu.
Secure posted entries with hash¶
To activate the hashing function on a specific journal, go to . Open a sales, purchase, or miscellaneous journal, go to the Advanced Settings tab, and enable Secure Posted Entries with Hash. Journals for which the feature is activated are called "restricted".
To compute the hash of an entry, Odoo retrieves the predecessor entries of the chain (i.e., the entries with the same sequence prefix) and hashes them in a continuous way from the last hashed entry to the new entry to hash.
Cảnh báo
Once you post an entry in a restricted journal, you cannot disable the feature anymore, nor edit any secured entry.
Secure entries wizard¶
You can also use the Secure Entries Wizard to secure all journal entries, in all journals, up to a specific date.
Ghi chú
The wizard operates independently of the journal settings and journal types.
To open it, activate the developer mode, go to , and click on Secure Entries. If the inalterability features are activated, it is also visible outside the debug mode.
To secure entries, select a date up to which all entries should be secured and press Secure Entries.
Cảnh báo
After securing the entries, you can no longer edit them.
Ghi chú
It can happen that entries that are past the selected date are secured. This is possible since the hash chain corresponds to the sequence prefix, ordered by sequence number.
Report download¶
To download the data inalterability check report, go to and click on Download the Data Inalterability Check Report.
The report's first section is an overview of all journal sequence prefixes containing hashed entries. In the Restricted column, you can see whether or not a journal has the secure posted entries with hash option (V) activated or not (X). The Check column tells you whether all entries are correctly hashed.
The second section gives a more detailed result of the data consistency check for each hashed journal sequence prefix. You can view the first hashed entry and its corresponding hash, as well as the last hashed entry and its corresponding hash.
