Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1241

Populate audit log from changes to Identity Management

    XMLWordPrintable

Details

    Description

      Current Situation

      • JOC Cockpit supports a number of Identity Services to manage users, roles and permissions.
      • Changes resulting from such management operations are not reflected with the Audit Log.

       Desired Behavior

      1. Any changes to the following objects should be reported with the Audit Log:
        • Identity Services
        • User Accounts
        • Roles
        • Permissions
      2. For Audit Log entries the category "IDENTITY" is used.
      3. The Settings page offers to specify the force_comments_for_audit_log setting in the "joc" section. 
        1. The following behavior applies: with the force_comments_for_audit_log using the value true:
          • For any operation that a user actively performs (from an action menu item, from a popup window) the user is forced to add/select a reason for this change from a popup windows with the reason being written to the Audit Log.
          • For any operation that a user performs by modifying a permission no popup window is displayed. Instead the following reason is automatically added, for example for a store operation: [automatically created]
        2. The following behavior applies: with the force_comments_for_audit_log using the value false:
          • No reasons for the Audit Log are requested
          • after each Audit Log entries of any changes caused by a user 
      4. The Profile page offers to specify the enable_reasons_for_audit_log setting:
        1. The following behavior applies: with the enable_reasons_for_audit_log using the value true
          • same as 3.1)
        2. The following behavior applies: with the enable_reasons_for_audit_log using the value false
          • same as 3.2)
      5. For both 3) and 4) the following behavior applies:
        1. The popup window that forces/offers to add a reason to the Audit Log displays a checkbox "reuse reason".
        2. The following behavior applies with "reuse reason" being unchecked: 
          1. The user has to add a reason individually for each operation on Identity Services, such as adding an account, resetting a password, adding a role etc.
        3. The following behavior applies with "reuse reason" being checked:
          1. The currently added/selected reason is re-used for any further occurrences of changes to Identity Services.
          2. The GUI behaves as if the force_comments_for_audit_log and enable_reasons_for_audit_log settings would use the value false. In fact the previously added/selected reason is used for any further additions to the Audit Log.
          3. This is true as long as the user remains within the Identity Service page and any sub-views. If the user leaves this page, for example by navigating to the Dashboard and then returning to the Identity Service page then the system behaves as if "reuse reason" had not be checked.
      6. The behavior 3), 4), 5) is intended for the following use cases:
        1. Add/select a reason individually per change as for 3.1, 4.1 and 5.2. This is applicable for a situation where we find few changes.
        2. Reuse a reason that is added just once as for 3.1, 4.1 and 5.3 for a situation when a larger number changes, for example adding 20 user accounts, is performed.

       

       

      Attachments

        Issue Links

          Activity

            People

              ur Uwe Risse
              ap Andreas Püschel
              Kanika Agrawal Kanika Agrawal
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: