Task #2615
closedChange of a confidential value (e.g. system credentials) isn't always recorded in the audit
100%
Description
Tested on 10.4.3 and 10.6.3
When changing some confidential attribute - typically credentials for a connected system, or some confidential application property - then the change isn't sometimes visible in the audit of IdM. If the last modifier of the value is different from the current modifier, it appears in the audit, otherwise it doesn't.
This is troublesome when solving some support incidents - we can't depend on the info in the audit if any change was made (and when).
The exact value shouldn't be audited of course, because it's confidential, but we need some way to record the change in the audit.
Note: After consultation with Ondra, the column "modified" is changed in the corresponding record of type IdmConfiguration and IdmConfidentialStorageValue, but changing this column isn't audited mainly for some other good reason - updating sync token during synchronization. So this task may be difficult to solve.
Related issues