Enhancing Audit Logs for Role Actions and Impersonation

Introduction

In today's digital world, keeping data secure and transparent is crucial for organizations. At Liferay, we understand that our users need to know who's using their systems and what they're doing. That's why we've developed a solution that improves audit logs, focusing on role actions and impersonation events. But why did we create this feature, and what does it do? Let's take a closer look.

 

IMPERSONATION:

 

When it comes to IMPERSONATION events, this feature goes the extra mile to include the following crucial information in the audit logs:

 

  • Email Address: The email address of the user involved in the impersonation.

  • User ID: The unique identifier of the user (doAsUserId).

  • User Name: The name of the user (doAsUserName).
     

This detailed information sheds light on who is being impersonated, providing clarity and transparency.

 

ASSIGN/UNASSIGN Role Assignment of Users:

 

For ASSIGN/UNASSIGN events involving the role assignment of individual users, the audit logs now contain:

 

  • User ID: The unique identifier of the user (userId).

  • User Email Address: The email address of the user being assigned or unassigned.
     

This data ensures that any changes in user roles are meticulously tracked and documented.

 

ASSIGN/UNASSIGN Role Assignment of Organizations/User Groups/Sites:

 

In cases where roles are assigned or unassigned to organizations, user groups, or sites, the audit logs are enriched with:

 

  • ID: The unique identifier (e.g., organizationId) of the entity.

  • Name: The name (e.g., organizationName) of the entity.
     

This information provides insight into which organizations, groups, or sites have undergone role assignment changes.


 

Steps
 

The good news is that this feature doesn't require any additional setup beyond the normal audit logging-related settings. Once your audit logging is configured, the enhanced information for IMPERSONATION and ASSIGN/UNASSIGN events is automatically captured and stored in the logs.

 

In conclusion, the enhanced audit logging for role actions and impersonation events is a valuable addition to any organization's security and compliance toolbox. It provides a deeper understanding of who is performing what actions within your systems, ultimately strengthening data security and accountability.

 

This feature will be available in the upcoming Q4 quarterly release.