frontier icon indicating copy to clipboard operation
frontier copied to clipboard
verified publisher icon raystack

Audit trail capabilities in shield

Open aok1j1 opened this issue 4 years ago • 1 comments

Is your feature request related to a problem? Please describe. As shield does authorisation and can modify resources/policies/groups/roles - it is imperative to keep track of all the changes done through the shield api's., as part of an audit trail. The earlier version of shield implements this(activities) and also has an endpoint exposed for the same.

Describe the solution you'd like There are multiple to do this. Couple of solutions that can be discussed upon -

  1. Keep track of all changes (create, update, delete) by saving them in a flat table in database. and expose endpoints in shield itself to see the data. OR
  2. Push these changes into kafka to save, and let a consumer(another app) consume and persist while allowing to view the data.

aok1j1 avatar Dec 15 '21 05:12 aok1j1

Shield should host this data and serve through APIs to show all historic changes for a given user or resource. +1 on the first approach.

ravisuhag avatar Dec 15 '21 06:12 ravisuhag