Task #2615

closed

Change of a confidential value (e.g. system credentials) isn't always recorded in the audit

Added by Alena Peterová over 3 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Assignee: Radek Tomiška
Category: Audit
Target version:
Start date: 12/16/2020
Due date:
% Done: 100%
Estimated time:
Owner:

Description

Tested on 10.4.3 and 10.6.3.
When changing some confidential attribute - typically credentials for a connected system, or some confidential application property - the change sometimes isn't visible in the audit of IdM. If the last modifier of the value is different from the current modifier, it appears in the audit, otherwise it doesn't.

This is troublesome when solving some support incidents - we can't depend on the info in the audit about whether any change was made (and when).

The exact value shouldn't be audited of course, because it's confidential, but we need some way to record the change in the audit.

Note: After consultation with Ondra, the column "modified" is changed in the corresponding record of type IdmConfiguration and IdmConfidentialStorageValue, but changing this column isn't audited mainly for some other good reason - updating sync token during synchronization. So this task may be difficult to solve.


Related issues

Related to IdStory Identity Manager - Feature #2942: Audit: Add filter by owner | Closed | Radek Tomiška | 09/10/2021
