Details
- Bug
- Status: Closed
- High
- Resolution: Fixed
- 14.2.1
- Flagged
- Pulsar
- Pulsar 240 - 14.3 Hardening
Description
There are audit log entries for create-userrole and delete-userrole but not for (un)assigning them to users/groups. Feedback from a client:
We are working on improving our security monitoring on brXM CMS side. One of the use cases is monitoring (via the audit log) of user creation or modification when it concerns "admin" users.
This means we want to monitor audit log messages for:
- Users being assigned to or removed from a specific group (admin or cms-admin)
- Users being assigned to or removed from a specific userrole (*admin)
- Userrole being assigned to or removed from a specific userrole (*admin)
- Group being assigned to or removed from a specific userrole (*admin)
Perhaps I forgot a use case here, but this should give a good impression.
All the actions concerning adding or removing to a userrole do not seem to be logged. I cannot find them in the audit.log.
Besides not being able to properly monitor, not having the audit log at all is a significant issue for us.