Bug #3150
Change Access restriction functionality to log records
100%
Description
- The rights holder has the same level of access as the member node subject. A full log record is returned, including subject and IP address. Anyone who has permission to read a log entry may read the entire entry.
- Access policy: having changePermission permission = rights holder for log access. Equivalent identities & groups.
Track who has read for log records for further aggregation of metrics/statistics
Subjects that have full access to CN.getLogRecords():
- returns all log records, not filtered based on session subject
- public user access: NO
- system administrators, CN subjects and report generators: YES
Subjects that have partial access to CN.getLogRecords():
- filtered based on session subject
- public user access: NO
- authoritative MN associated principal (node client certificate subject) has access to log records about objects related to that MN (authoritative MN only, but what about replica MNs? NOOO!!!)
- subjects that have changePermission permission on a PID have access to log records about objects
- rights holders for a PID have access to log records about objects
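The access rules listed above, expressed as a filter in Python. This is an added example, not DataONE's CN implementation; the record and object shapes, the `public` subject name and all sample subjects are assumptions, and the session is assumed to carry its equivalent identities and groups.

```python
from dataclasses import dataclass

PUBLIC = "public"  # assumed name for the unauthenticated session subject

@dataclass(frozen=True)
class ObjectInfo:  # hypothetical per-PID access metadata
    authoritative_mn: str  # client certificate subject of the authoritative MN
    rights_holder: str
    change_permission: frozenset = frozenset()  # subjects or groups with changePermission

@dataclass(frozen=True)
class LogRecord:  # hypothetical record shape; an entry is returned whole or not at all
    pid: str
    subject: str
    ip_address: str
    event: str

def get_log_records(session_subjects, records, objects, full_access):
    """Filter records for a session (its subject plus equivalent identities and groups)."""
    subjects = set(session_subjects) - {PUBLIC}  # public user access: NO
    if not subjects:
        return []
    if subjects & set(full_access):  # administrators, CN subjects, report generators
        return list(records)  # not filtered by session subject
    visible = []
    for rec in records:
        obj = objects.get(rec.pid)
        if obj is None:
            continue  # no access metadata for this PID: deny
        allowed = {obj.authoritative_mn, obj.rights_holder} | obj.change_permission
        if subjects & allowed:  # a replica MN subject is never in `allowed`
            visible.append(rec)
    return visible

# Constructed sample data (all subjects, PIDs and addresses are made up).
FULL_ACCESS = {"CN=cn-admin", "CN=report-generator"}
OBJECTS = {
    "pid:1": ObjectInfo("CN=mn-a", "CN=alice", frozenset({"CN=curators"})),
    "pid:2": ObjectInfo("CN=mn-b", "CN=bob"),
}
RECORDS = [
    LogRecord("pid:1", "CN=carol", "192.0.2.10", "read"),
    LogRecord("pid:2", "CN=carol", "192.0.2.10", "read"),
    LogRecord("pid:1", "CN=mn-replica", "192.0.2.20", "replicate"),
]

def visible_pids(*session_subjects):
    return [r.pid for r in get_log_records(session_subjects, RECORDS, OBJECTS, FULL_ACCESS)]
```
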
History
#1 Updated by Robert Waltz about 12 years ago
- Target version changed from Sprint-2012.33-Block.5.1 to Sprint-2012.35-Block.5.2
#2 Updated by Robert Waltz about 12 years ago
- Status changed from New to In Progress
#3 Updated by Robert Waltz about 12 years ago
- Status changed from In Progress to Testing
#4 Updated by Robert Waltz about 12 years ago
- Status changed from Testing to Closed