Audit Log
The audit log contains a security-relevant set of records documenting all changes made in or via ApiOmat. In particular, each record contains the time of the event, the ID of the user responsible for the event, the event type and the changed data. Both transient and non-transient data events are tracked, which enables auditing external sources via modules.
A SuperAdmin user can query the audit log for specific events or operations in a time frame, either for all meta data or on a per-app basis.
The audit log is disabled by default on new installations. This feature can be enabled via the YAMBAS configuration file as follows:
apiomat.yaml
common:
  audit:
    enabled: true
yambas.conf
isAuditEnabled=true
System events will be logged even if the audit log is disabled.
The Audit log page is separated into the following two sections.
Meta Data
Records containing events which change App-Backends are shown in this section.
For a more specific search, the following filters and options are available:
- Module: show records for a specific module
- From and To: choose the time frame
- Operation: CREATE, DELETE, UPDATE, PROCESS
- Customers/Organization
- Text search: search for a string in the columns objectId, objectClassName and changes
- Custom filters: for the following actions: Log in, Deploy module, Add module, Remove module, Copied module, Set new role, Download, Change password, Create module, Create application, Create class, Create attribute, Delete application, Delete class
Advanced:
- Query: You can use our query language for filtering the records. The custom filters also use this query field, but for more customization you can extend the query with AND operators (see Query Guide).
- Show system log: when this checkbox is activated, system logs are also displayed in the table
App-Backend Data
To view records which are written when manipulating data in a specific App-Backend, use the App-Backend Data section.
The following filters are available:
- App-Backend: choose the App-Backend
- System: LIVE, STAGING, TEST
- Module: filter for records in a specific module of the chosen App-Backend
- From and To: choose the time frame
- Customers/Users
- Text search: search for a string in the columns objectId, objectClassName and changes
The advanced filters are the same as in the Meta Data section.
Hide sensitive data
Attributes of a native module that contain sensitive data can be obscured with the annotation @SensibleData.
The content of attributes marked this way will not be stored in plain text in the audit log.
@SensibleData
private String password = null;
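An added sketch, not ApiOmat's own code, of what annotation-driven redaction of an audit record can look like. The local SensibleData stand-in, the Customer class, the auditView helper and the "***" marker are assumptions made for this example; the page does not say how ApiOmat obscures the value.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.LinkedHashMap;
import java.util.Map;

public class AuditRedactionExample {

    // Local stand-in so the example compiles without the ApiOmat SDK;
    // in a native module you would use ApiOmat's own @SensibleData.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.FIELD)
    @interface SensibleData {}

    // Hypothetical module class with constructed sample values.
    static class Customer {
        private String userName = "alice";
        @SensibleData
        private String password = "s3cret";
        @SensibleData
        private String apiToken = null;
    }

    // Builds the "changes" view of an object for an audit record:
    // annotated fields are replaced by a marker, never copied.
    static Map<String, String> auditView(Object obj) throws IllegalAccessException {
        Map<String, String> view = new LinkedHashMap<>();
        for (Field f : obj.getClass().getDeclaredFields()) {
            if (f.isSynthetic() || Modifier.isStatic(f.getModifiers())) {
                continue; // skip compiler-generated and static fields
            }
            if (f.isAnnotationPresent(SensibleData.class)) {
                // The value is never read, and null is masked too, so the
                // record does not reveal whether a secret was set.
                view.put(f.getName(), "***");
            } else {
                f.setAccessible(true);
                view.put(f.getName(), String.valueOf(f.get(obj)));
            }
        }
        return view;
    }

    public static void main(String[] args) throws IllegalAccessException {
        System.out.println(auditView(new Customer()));
    }
}
```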
Example
Scenario:
Imagine you are SuperAdmin and one of your customers asks you to set read roles for several customers so that they can access his App-Backend. As SuperAdmin you have access to the roles menu, so you simply set the requested roles for those customers.
Several weeks later you are asked to remove those read roles again from all customers you set them for on that day. Your notes clarify that you made those changes on 31st August 2017 between 10:00 and 12:00.
With this information you are able to filter the Audit Log to retrieve the names of the customers.
Audit Log Search:
Simply enter the date and time. Set the custom filter to 'Set new role' and narrow the results by setting Customers/Organization to 'SuperAdmin'.
The result shows the changes you made on that day and in that time frame and reveals the customers that got read access.