Check permission "auditing" #1414
Labels
kind/proposal
Something fundamentally needs to change
state/gauging interest
This needs to be championed before being worked on
state/needs discussion
This can't be worked on yet
Started from this Discord thread.
I would like to implement an audit log when particular administrator permissions are used. Starting from the global permissions example, this would mean recording every time a permission check resolves using the
platform->super_admin
permission.Some potential solutions and drawbacks summarized are:
platform->super_admin
in parallel, if the user has super_admin then log. This does not allow avoiding the log if the user has permission for the resource directly.HAS_PERMISSION
, otherwise it will returnMAYBE_HAS_PERMISSION
because of the unfilled caveat.There is an incomplete proposal here to add some marker in the schema indicating that a field is "auditable", which would include it in the check response if matched. Unfortunately, this idea is unhelpful as long as the permission check is not deterministic. Perhaps an auditable branch must be resolved in every check, however I am not knowledgeable to say how problematic this is with regard to performance.
The text was updated successfully, but these errors were encountered: