数据不可更改性检查报告¶
Tax authorities in some countries require companies to prove their posted accounting entries are unaltered, meaning that once an entry has been secured, it can no longer be changed.
To do so, Odoo creates a unique fingerprint for each secured entry thanks to the SHA-256 algorithm.
This fingerprint is called a hash. The hash is generated by taking an entry’s essential data
(the values of the name
, date
, journal_id
, company_id
, debit
, credit
, account_id
, and
partner_id
fields), concatenating it, and inputting it to the SHA-256 hash function, which then
outputs a fixed size (256-bit) string of characters. The hash function is deterministic (the
same input always creates the same output): any minor modification to the original data would
completely change the resulting hash. Consequently, the SHA-256 algorithm is often used, among
others, for data integrity verification purposes.
In addition, the previous entry’s hash is always added to the next entry to form a hash chain. This is used to ensure a new entry is not added afterward between two secured entries, as doing so would break the hash chain.
注解
SHA-256算法生成的哈希值在理论上不是唯一的,因为可能的值是有限的。但是,这个数字非常大:2²⁵⁶,比已知宇宙中的原子数量还要大得多。这就是为什么哈希值在实践中被认为是唯一的原因。
Inalterability features¶
Inalterability features can be enabled by activating the secure posted entries with hash option on any journal or using the secure entries wizard.
Two indicators are added to the journal entry’s form view. They show whether the entry is secured or not.
A or (lock icon) next to the Posted state.
A Secured checkbox in the Other info tab.
A Not Secured filter is available on journal entries and journal items’ list views. It can be used to find posted journal entries that are not secured yet.
The option to open the secure entries wizard is displayed in the Accounting menu.
Secure posted entries with hash¶
To activate the hashing function on a specific journal, go to Advanced Settings tab, and enable Secure Posted Entries with Hash. Journals for which the feature is activated are called “restricted”.
. Open a sales, purchase, or miscellaneous journal, go to theTo compute the hash of an entry, Odoo retrieves the predecessor entries of the chain (i.e., the entries with the same sequence prefix) and hashes them in a continuous way from the last hashed entry to the new entry to hash.
警告
Once you post an entry in a restricted journal, you cannot disable the feature anymore, nor edit any secured entry.
Secure entries wizard¶
You can also use the Secure Entries Wizard to secure all journal entries, in all journals, up to a specific date.
注解
The wizard operates independently of the journal settings and journal types.
To open it, activate the developer mode, go to , and click on Secure Entries. If the inalterability features are activated, it is also visible outside the debug mode.
To secure entries, select a date up to which all entries should be secured and press Secure Entries.
警告
After securing the entries, you can no longer edit them.
注解
It can happen that entries that are past the selected date are secured. This is possible since the hash chain corresponds to the sequence prefix, ordered by sequence number.
报告下载¶
要下载数据不可更改性检查报告,请转到 下载数据不可更改性检查报告。
并 点击The report’s first section is an overview of all journal sequence prefixes containing hashed entries. In the Restricted column, you can see whether or not a journal has the secure posted entries with hash option (V) activated or not (X). The Check column tells you whether all entries are correctly hashed.
The second section gives a more detailed result of the data consistency check for each hashed journal sequence prefix. You can view the first hashed entry and its corresponding hash, as well as the last hashed entry and its corresponding hash.