Security changes audit

Starting from version 2.5 Genesis has an audit for security changes. No REST or UI provided. A special table is created in Genesis schema with the following content (MySQL syntax):

CREATE TABLE `permission_changes` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `roleName` varchar(64) DEFAULT NULL,
  `projectId` int(11) DEFAULT NULL,
  `confId` int(11) DEFAULT NULL,
  `changeType` int(11) NOT NULL,
  `payloadType` int(11) NOT NULL, 
  `changedItem` varchar(255) NOT NULL,
  `changedAt` datetime NOT NULL,
  `changedBy` varchar(128) NOT NULL,
  PRIMARY KEY (`id`)
)

Columns meaning

Name	Meaning
id	Record identifier
roleName	Name of changed security role, if applicable. This field is NULL when environment configiration is changed. Otherwise, possible values includes: ROLE_GENESIS_ADMIN for system-wide admin (projectId is null) ROLE_GENESIS_USER for a simple user (projectId is null) ROLE_GENESIS_READONLY for a read-only system user (projectId is null) ROLE_GENESIS_PROJECT_ADMIN for project administrator (projectId holds an identifier for changed project) ROLE_GENESIS_PROJECT_USER for project user (projectId holds an identifier for changed project)
projectId	Project identifier. This field is always null when system role is changed
confId	Environment configuration identifier. This field is null when system role or predefined project role is changed.
changeType	Type of change. 0 for insertion, 1 for deletion
payloadType	Type of deleted or created entity. 0 for users, 1 for user groups.
changedItem	User or group name added or deleted
changedAt	Date and time of change (Genesis server local time)
changedBy	User name of user that made change

Examples

Find all additions to a system role 'ROLE_GENESIS_ADMIN':

select changedItem, changedAt, changedBy from permission_changes where roleName = 'ROLE_GENESIS_ADMIN' and changeType = 0;

Find all changes in predefined roles:

select roleName, changeType, changedItem, changedAt, changedBy from permission_changes where roleName is not null

Find all changes in specified project with id = 1 (without configuration):

select roleName, changeType, changedItem, changedAt, changedBy from permission_changes where roleName is not null and projectId = 1

Find only user changes in specified project with id = 1 (without configuration):

select roleName, changeType, changedItem, changedAt, changedBy from permission_changes where roleName is not null and projectId = 1 and payloadType = 0

Find all changes in specified configuration (conf. id = 1, project id = 1):

select changeType, changedItem, changedAt, changedBy from permission_changes where projectId = 1 and confId = 1

Security changes audit

Columns meaning

Examples

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally