Uploaded image for project: 'Hybrid Cloud Console'
  1. Hybrid Cloud Console
  2. RHCLOUD-19119

RBAC | Audit Logging

XMLWordPrintable

    • 5
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      Logging and traceability are available for the following actions taken by an individual (UI) or system (API): 

      • A group is created, edited or deleted
      • A role is created, edited or deleted
      • A role is added to or removed from a group
      • A user is added to or removed from a group
      • A service account is added to or removed from a group
      • A permission is added to or removed from a role
      • A role-binding is made between a workspace, user group and role [New AuthZ Model Only]

      For each action logged, include the following details (at a minimum):

      • User identity (e.g. UserID)
      • OrgID (e.g. Account)
      • Timestamp
      • Action (including the name/id of the group, role, permission or users that were updated)
      • Any others (TBD from team)
      Show
      Logging and traceability are available for the following actions taken by an individual (UI) or system (API):  A group is created, edited or deleted A role is created, edited or deleted A role is added to or removed from a group A user is added to or removed from a group A service account is added to or removed from a group A permission is added to or removed from a role A role-binding is made between a workspace, user group and role [New AuthZ Model Only] For each action logged, include the following details (at a minimum): User identity (e.g. UserID) OrgID (e.g. Account) Timestamp Action (including the name/id of the group, role, permission or users that were updated) Any others (TBD from team)
    • Unset
    • CRCPLAN-233 - AuthZ | PRBAC v2 Customer Migration to Workspaces
    • None
    • Platform A&M Sprint 71, Platform A&M Sprint 72, Platform A&M Sprint 73, Platform A&M Sprint 74, Platform A&M Sprint 75, Access & Management Sprint 76, Access & Management Sprint 77, Access & Management Sprint 78, Access & Management Sprint 79, Access & Management Sprint 80, Access & Management Sprint 81, Access & Management Sprint 82, Access & Management Sprint 83, Access & Management Sprint 84, Access & Management Sprint 85, Access & Management Sprint 86, Access & Management Sprint 87, Access & Management Sprint 88, Access & Management Sprint 89, Access & Management Sprint 90, Access & Management Sprint 91, Access & Management Sprint 92, Access & Management Sprint 93, Access & Management Sprint 94, A&M Tech Debt Q10, Access & Management Sprint 95, Access & Management Sprint 95, Access & Management Sprint 96, Access & Management Sprint 97, Access & Management Sprint 98, Access & Management Sprint 99, Access & Management Sprint 100

      We will need audit logs for RBAC operations, to provide an audit trail on operations performed in RBAC.

      We may be able to tie into some of the hooks created for notifications [1], but should come up with a set of specific actions required for these logs.

      This may also be tangentially related/relevant to the discussion around TAM access request tracing/audit trails [2].

      rhn-support-lphiri to help provide requirements around this.

      [1] https://issues.redhat.com/browse/RHCLOUD-17740
      [2] https://issues.redhat.com/browse/RHCLOUD-10910

          1.
          		 Handoff to platex team Sub-task Backlog Normal Ellen Dong
          2.
          		 Log when Role/User/SA is added to a group Sub-task Code Review Normal Ellen Dong
          3.
          		 Log_Remove when principal/SA/role is removed from group Sub-task New Normal Ellen Dong

              rh-ee-edong Ellen Dong
              kwalsh@redhat.com Keith Walsh
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated: