There are operation log entries that can be read and deleted without authorization, this includes:
- Standalone task operation logs
- Standalone job operation logs
- Admin log (user, tenant, group, membership, authorization, ...)
- Metrics operation logs
- Case (Instance, Definition) operation logs
- Decision definition operation logs
- Deployment operation logs
- Batch operation logs
- Filter operation logs
- Property operation logs (e.g. license key)
There needs to be an authorization for those logs as well, e.g. by establishing new permissions on a new resource UserOperationLog.
Old log entries (pre 7.11.0) and new log entries need to be treated, the old entries can be identified by CATEGORY_ being null.