Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.11.0, 7.11.0-alpha5
Affects Version/s: None
Component/s: engine
Labels:
None

Description

There are operation log entries that can be read and deleted without authorization, this includes:

Standalone task operation logs
Standalone job operation logs
Admin log (user, tenant, group, membership, authorization, ...)
Metrics operation logs
Case (Instance, Definition) operation logs
Decision definition operation logs
Deployment operation logs
Batch operation logs
Filter operation logs
Property operation logs (e.g. license key)

There needs to be an authorization for those logs as well, e.g. by establishing new permissions on a new resource UserOperationLog.

Hint:
Old log entries (pre 7.11.0) and new log entries need to be treated, the old entries can be identified by CATEGORY_ being null.

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Issue Links

is related to

CAM-10331 Filters are not respected for user operation logs query

Closed

CAM-10318 Add Authorization Page for Operation Log

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Tobias Metzke-Bernstein

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/May/19 8:15 AM

Updated:: 17/May/19 4:25 PM

Resolved:: 15/May/19 3:59 PM

Salesforce