21 VOTE

As an admin, I want a centralized audit log

At the moment, for each secure macro, there is an audit log.  However, it would be beneficial to have a centralized audit log (for all secure macros).

  • Immanuel Siagan
  • Dec 5 2018
  • Needs review
  • Attach files
  • Andy Murtagh commented
    17 Feb 09:25am

    Absolutely agree. This is also heavily related to my own suggestion:

     

    https://ideas.atlassian.servicerocket.com/ideas/SEC-I-47

     

    Mine relates to the behind-the-scenes element of this, using queries against the Confluence database I've built a centralized log myself which works perfectly, but if there are multiple macros on the page the current database schema doesn't allow you to identify WHICH one on a page you're referring to, so you'd have to consider everything on a page compromised. My idea involves creating an additional link in the database tables for the plugin to allow the identification of specific macros so where there's more than one on a page you can be specific in which ones have been compromised.

     
  • George Charikiopoulos commented
    8 Jul, 2019 01:47pm

    Absolutely necessary feature for an admin.

    We use your addon to securely distribute passwords to employees. We have more than 30 secure-macros across our Confluence instance.

    When an employee leaves the company, we need to review the audit logs one by one to find out which passwords they had access to and then change them.

    This is a really painful process, where a centralised audit log would make wonders!

     
  • Flow Aem commented
    6 Dec, 2018 03:42pm

    Totally makes sense for Confluence-admin to at least see what happens with the Secure-Macro-Blocks

  • and 12 more