Task #447

Updated by Alena Peterov√° over 4 years ago

Audit log -> Entity history
We need filter, where you can put the login of the user, e.g. "johndoe". The table then must show following records:
* changes of this identity (IdmIdentity records)
* changes of the contracted positions for this identity (IdmIdentityContract records)
* changes of the permissions (roles) for this identity (all records that hold this information)
* changes of the extended attributes of the identity

We need to see the name of the changed role or the contract, not only its ID, because ID tells me nothing.

Currect logs would be hard to use in production, solving support incidents would be complicated and time-consuming.

Use-case (long version):

Typical support incident is "Identity xyz can't login to IdM, or AD,.... Their attributes/roles/block status/... are wrong. Explain why IdM did this!"
You don't know when, you don't know who, you don't know why the identity has wrong settings. You need to find ALL changes that happened on this specific identity during last weeks, months or even years. Then you can find the reason (which can be really anything, e.g. administrator made mistake, a personalist made some typo in HR system and contract went inactive, manager accidentally resetted password or disabled the user, approver denied approval task for role even if he thought he approved it, synchronization didn't handle the user in last few weeks, personal processes started something unexpected,...) and you can prove that IdM works as it should.
Therefore you need to be able to filter all changes and relations for one specific identity historically. Even for contracts that are no longer active, roles that are no longer used,...


Go to top