
Data Export & Security

UC-ANA-002: Export Custom Data

Purpose: Enable deep-dive analysis by exporting raw data.

| Property | Value |
|----------|-------|
| Actor | Manager |
| Trigger | User requests export |
| Priority | P2 |

Main Success Scenario:

  1. User filters "Bookings" table by date range "Last Quarter".
  2. User clicks "Export to CSV".
  3. System runs background job to generate file.
  4. User receives download link via notification.

Acceptance Criteria:

  1. [ ] Sensitive PII masked in export (unless authorized).
  2. [ ] File generation handles large datasets (>10k rows) gracefully.

UC-ANA-003: View Security Audit Logs

Purpose: Track sensitive actions for security and compliance.

| Property | Value |
|----------|-------|
| Actor | Tenant Admin |
| Trigger | Suspicious activity or routine check |
| Priority | P0 |

Capabilities Breakdown:

1. Granular Audit Logs (UC 60.1)

  • Scope: Tracks "Who created", "Who edited", "Who deleted" for ALL entities.

  • Detail: Records "Before Value" vs "After Value" (e.g., Price changed $50 -> $60).

  • Search: "Show me all changes by User X between Date A and Date B".

2. Compliance Exports (UC 60.3)

  • GDPR / CCPA: One-click "Download My Data" pack for end-users (JSON/PDF).

  • Tax Audits: "Export all invoices" for a fiscal year in a standard accounting format (Xero/QuickBooks CSV).

3. Masking & PII Protection (UC 60.5)

  • Role-Based masking: Reception sees +1 555-****, Manager sees +1 555-1234.

  • Export Sanitization: Option to anonymize names in analytics dumps.
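
Added example, not part of this specification or the product's code: one way to apply the role-based masking rule above and the UC-ANA-002 criterion "Sensitive PII masked in export (unless authorized)" at CSV export time. The field names, the allow-listed role set, the sample rows and the use of a keyed HMAC pseudonym for the "anonymize names" option are assumptions.

```python
import csv
import hashlib
import hmac
import io

FIELDS = ["booking_id", "name", "phone"]
UNMASKED_ROLES = {"Manager"}          # assumption: every other role gets masked PII
SAMPLE_KEY = b"constructed-demo-key"  # constructed; keep a real key in a secret store

# Constructed sample bookings, not real data.
SAMPLE_ROWS = [
    {"booking_id": "B-1001", "name": "Alice Example", "phone": "+1 555-1234"},
    {"booking_id": "B-1002", "name": "Alice Example", "phone": "+1 555-9876"},
    {"booking_id": "B-1003", "name": "Bob Example", "phone": "5550000"},
]

def mask_phone(phone):
    """Mask the last block: '+1 555-1234' -> '+1 555-****'."""
    head, sep, tail = phone.rpartition("-")
    if not sep:                       # unexpected format: hide everything
        return "*" * len(phone)
    return head + sep + "*" * len(tail)

def pseudonym(name, key):
    """Keyed, stable replacement so analytics can still group rows per person."""
    digest = hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()
    return "anon-" + digest[:12]

def export_csv(rows, role, anonymize_names=False, key=SAMPLE_KEY):
    """Render rows as CSV, masking by default unless the role is allow-listed."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        row = dict(row)               # never mutate the caller's records
        if role not in UNMASKED_ROLES:
            row["phone"] = mask_phone(row["phone"])
        if anonymize_names:
            row["name"] = pseudonym(row["name"], key)
        writer.writerow(row)
    return out.getvalue()

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS, "Reception"))
    print(export_csv(SAMPLE_ROWS, "Manager", anonymize_names=True))
```

Masking is the default branch, so a new or misspelled role name produces a masked export instead of a full one.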

Main Success Scenario:

  1. Admin suspects an unauthorized price change.
  2. Admin opens "Audit Logs".
  3. Filters by "Entity: Service Menu".
  4. Sees Log: "User 'Bob' changed 'Haircut' price from $50 to $10".
  5. Admin reverts change and locks Bob's account.

Acceptance Criteria:

  1. [ ] Audit logs are immutable (write-once).
  2. [ ] "Delete User" (Right to be Forgotten) hard-deletes PII but keeps anonymized transactional data.
  3. [ ] Exports larger than 10MB are emailed as async download links.

Main Success Scenario:

  1. Admin navigates to "Security Logs".
  2. System displays chronological list of events (Login, Delete Booking, Export Data).
  3. Admin searches for specific user "Staff A".
  4. System filters logs to show actions by "Staff A".

Acceptance Criteria:

  1. [ ] Immutable logs.
  2. [ ] Logs retained for minimum 6 months.