
Security changes audit

Svyatoslav Reyentenko edited this page Aug 1, 2013 · 3 revisions

Starting from version 2.5, Genesis keeps an audit trail of security changes. No REST API or UI is provided for it; a dedicated table is created in the Genesis schema with the following definition (MySQL syntax):

CREATE TABLE `permission_changes` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `roleName` varchar(64) DEFAULT NULL,
  `projectName` varchar(128) DEFAULT NULL,
  `confName` varchar(128) DEFAULT NULL,
  `projectId` int(11) DEFAULT NULL,
  `confId` int(11) DEFAULT NULL,
  `changeType` int(11) NOT NULL,
  `payloadType` int(11) NOT NULL, 
  `changedItem` varchar(255) NOT NULL,
  `changedAt` datetime NOT NULL,
  `changedBy` varchar(128) NOT NULL,
  PRIMARY KEY (`id`)
)

Column meanings

Column       Meaning
id           Record identifier.
roleName     Name of the changed security role, if applicable. This field is NULL when an environment configuration is changed. Otherwise the possible values are:
               • ROLE_GENESIS_ADMIN for a system-wide admin (projectId is NULL)
               • ROLE_GENESIS_USER for a simple user (projectId is NULL)
               • ROLE_GENESIS_READONLY for a read-only system user (projectId is NULL)
               • ROLE_GENESIS_PROJECT_ADMIN for a project administrator (projectId holds the identifier of the changed project)
               • ROLE_GENESIS_PROJECT_USER for a project user (projectId holds the identifier of the changed project)
projectName  Name of the project at the time of the change, if applicable.
confName     Name of the environment configuration at the time of the change, if applicable.
projectId    Project identifier. This field is always NULL when a system role is changed.
confId       Environment configuration identifier. This field is NULL when a system role or a predefined project role is changed.
changeType   Type of change: 0 for insertion, 1 for deletion.
payloadType  Type of the created or deleted entity: 0 for users, 1 for user groups.
changedItem  Name of the user or group that was added or deleted.
changedAt    Date and time of the change (Genesis server local time).
changedBy    User name of the user who made the change.

Examples

Find all additions to the system role ROLE_GENESIS_ADMIN:

select changedItem, changedAt, changedBy from permission_changes where roleName = 'ROLE_GENESIS_ADMIN' and changeType = 0;

Find all changes to predefined roles (environment configuration changes have a NULL roleName and are therefore excluded):

select roleName, changeType, changedItem, changedAt, changedBy from permission_changes where roleName is not null;

Find all role changes in the project with id = 1 (configuration changes excluded):

select roleName, changeType, changedItem, changedAt, changedBy from permission_changes where roleName is not null and projectId = 1;

Find only user changes (not group changes) in the project with id = 1 (configuration changes excluded):

select roleName, changeType, changedItem, changedAt, changedBy from permission_changes where roleName is not null and projectId = 1 and payloadType = 0;

Find all changes to a specific environment configuration (confId = 1, projectId = 1):

select changeType, changedItem, changedAt, changedBy from permission_changes where projectId = 1 and confId = 1;
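The queries above answer "what happened", but a defender usually also wants to replay the log to see who currently holds a role, and to flag administrator changes that deserve a second look. The following script is an added example and is not part of the Genesis project or this wiki page. It loads constructed sample rows into an in-memory SQLite database using a DDL adapted from the MySQL definition above (AUTO_INCREMENT replaced by INTEGER PRIMARY KEY), runs the page's first example query, reconstructs current membership from the changeType/payloadType semantics described in the column table, and lists ROLE_GENESIS_ADMIN changes made outside a configurable working-hours window (the 08:00-18:00 window, the sample user names and the timestamps are all assumptions of the example).

```python
import sqlite3
from datetime import datetime

# DDL adapted from the page's MySQL table so it runs on SQLite:
# AUTO_INCREMENT -> INTEGER PRIMARY KEY; column names and meaning are unchanged.
DDL = """
CREATE TABLE permission_changes (
  id          INTEGER PRIMARY KEY,
  roleName    VARCHAR(64),
  projectName VARCHAR(128),
  confName    VARCHAR(128),
  projectId   INTEGER,
  confId      INTEGER,
  changeType  INTEGER NOT NULL,   -- 0 insertion, 1 deletion
  payloadType INTEGER NOT NULL,   -- 0 user, 1 user group
  changedItem VARCHAR(255) NOT NULL,
  changedAt   DATETIME NOT NULL,  -- Genesis server local time
  changedBy   VARCHAR(128) NOT NULL
)
"""

INSERT, DELETE = 0, 1   # changeType values from the page
USER, GROUP = 0, 1      # payloadType values from the page

# Constructed sample audit rows (not real Genesis data). Column order:
# roleName, projectName, confName, projectId, confId, changeType, payloadType,
# changedItem, changedAt, changedBy
SAMPLE_ROWS = [
    ("ROLE_GENESIS_ADMIN", None, None, None, None, INSERT, USER, "alice", "2013-07-01 09:00:00", "root"),
    ("ROLE_GENESIS_PROJECT_USER", "billing", None, 1, None, INSERT, GROUP, "devs", "2013-07-02 10:15:00", "alice"),
    (None, "billing", "prod", 1, 1, INSERT, USER, "bob", "2013-07-03 11:30:00", "alice"),
    ("ROLE_GENESIS_ADMIN", None, None, None, None, INSERT, USER, "mallory", "2013-07-04 02:13:00", "alice"),
    ("ROLE_GENESIS_ADMIN", None, None, None, None, DELETE, USER, "alice", "2013-07-04 02:14:00", "mallory"),
    ("ROLE_GENESIS_ADMIN", None, None, None, None, DELETE, USER, "mallory", "2013-07-05 08:00:00", "root"),
    ("ROLE_GENESIS_ADMIN", None, None, None, None, INSERT, USER, "alice", "2013-07-05 08:05:00", "root"),
]


def load_audit(rows=SAMPLE_ROWS):
    """Create the audit table in memory and load the given rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(DDL)
    conn.executemany(
        "INSERT INTO permission_changes (roleName, projectName, confName, projectId, confId, "
        "changeType, payloadType, changedItem, changedAt, changedBy) "
        "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn


def admin_additions(conn):
    """The page's first example query: every addition to ROLE_GENESIS_ADMIN."""
    cur = conn.execute(
        "select changedItem, changedAt, changedBy from permission_changes "
        "where roleName = 'ROLE_GENESIS_ADMIN' and changeType = 0 order by changedAt"
    )
    return cur.fetchall()


def current_members(conn, role_name, project_id=None):
    """Replay insertions and deletions in id order to reconstruct who holds a role now.

    project_id=None selects system roles (projectId IS NULL); a number selects a project role.
    Returns a set of ("user"|"group", name) pairs.
    """
    cur = conn.execute(
        "select changeType, payloadType, changedItem from permission_changes "
        "where roleName = ? and projectId is ? order by id",
        (role_name, project_id),
    )
    members = set()
    for change_type, payload_type, item in cur:
        key = ("group" if payload_type == GROUP else "user", item)
        if change_type == INSERT:
            members.add(key)
        else:
            members.discard(key)
    return members


def off_hours_admin_changes(conn, start_hour=8, end_hour=18):
    """Flag ROLE_GENESIS_ADMIN changes whose server-local time falls outside [start_hour, end_hour).

    The working-hours window is an assumption of this example; tune it to your environment.
    Returns (changeType, changedItem, changedAt, changedBy) tuples in time order.
    """
    cur = conn.execute(
        "select changeType, changedItem, changedAt, changedBy from permission_changes "
        "where roleName = 'ROLE_GENESIS_ADMIN' order by changedAt"
    )
    flagged = []
    for change_type, item, changed_at, changed_by in cur:
        hour = datetime.strptime(changed_at, "%Y-%m-%d %H:%M:%S").hour
        if not (start_hour <= hour < end_hour):
            flagged.append((change_type, item, changed_at, changed_by))
    return flagged


if __name__ == "__main__":
    db = load_audit()
    print("admin additions:", admin_additions(db))
    print("current admins:", current_members(db, "ROLE_GENESIS_ADMIN"))
    print("project 1 users:", current_members(db, "ROLE_GENESIS_PROJECT_USER", 1))
    print("off-hours admin changes:", off_hours_admin_changes(db))
```

Replaying the log with current_members is the check worth scheduling: compare its result against the role membership Genesis actually reports, and any difference means a change bypassed the audited code path or the table was altered. The off-hours report is only a starting heuristic; in the sample rows it surfaces an admin being added at 02:13 and then removing the person who added them one minute later, which is exactly the pattern a reviewer would want to see first.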