1.  Improve Audit Logging to meet industry standards

2. What is the nature and description of the request?

As a customer, and based on the details in the Responsibility Matrix....

I want to be able to identify which user (or Service Account) made changes to a specific OpenShift object and what those changes were.

Here is a recent example of a customer request in which the customer believes an SRE or a Cluster Operator changed an attribute in an object.

We noticed that some of the MCPs became Unpaused during the upgrade. This is not initiated by us. Is there a command to show the history of the MCP

Identifying the user who performed this action via the audit logs would be the quickest and simplest way to resolve these types of concerns.

I can also see this level of information useful, dare I say it, in a full-blown security investigation and may make us look a little silly if it's not available.

Currently, this level of detail is not provided.  The Audit Policy is set by default to Metadata. To identify changes to attributes, the policy should be set to Request 

3. Why does the customer need this? (List the business requirements here)

Both the customer and Red Hat would find it useful to identify actions taken by users (or service accounts) to the attribute level for various reasons, including tracing bugs in operators, silly mistakes by users (both Red Hat and customers) that they deny, and actions taken by a malicious actor during a security breach.

4. List any affected packages or components.

Unknown