Bug #3150

Change Access restriction functionality to log records

Added by Robert Waltz over 11 years ago. Updated over 11 years ago.

Status: Closed
Priority: Normal
Assignee: Robert Waltz
Category: d1_log_aggregation
Start date: 2012-08-22
Due date:
% Done: 100%
Milestone: CCI-1.0.4
Product Version: *
Story Points:
Sprint:

Description

  • Rights holder has same level of access as the membernode subject. It will return a full log record, subject/ip address. Anyone who has permission to read a log entry may read the entire entry.
  • Access Policy : having change permission permission = rights holder for log Access. equivalent identities & groups
  • Track who has read for log records for further aggregation of metrics/statistics

  • Subjects that have full access to CN.getLogRecords():

    returns all log records, not filtered based on session subject

    public user access: NO

    system administrators, CN subjects and report generators YES

  • Subjects that have partial access to CN.getLogRecords():

    filtered based on session subject

    public user access: NO

    authoritative MN associated principal (node client certificate subject) has access to log records about objects related to that MN (authoritative MN only, but what about replica MNs -- NOOO!!!)

    subjects that have changePermission permission on PID have access to log records about objects

    rights holder for PID has access to log records about objects
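
The access rules in the description above, sketched as a filter. This is an added Python illustration, not DataONE's own code; `ObjectInfo`, `LogRecord`, `may_read`, `get_log_records` and every subject name, PID and address are hypothetical and constructed for the example.

```python
from dataclasses import dataclass

# All subject names, PIDs and addresses below are constructed for this example.
FULL_ACCESS = {"CN=cn-admin", "CN=cn-1", "CN=report-generator"}  # admins, CN subjects, report generators
PUBLIC = "public"

@dataclass(frozen=True)
class ObjectInfo:
    authoritative_mn: str         # node client certificate subject of the authoritative MN
    rights_holder: str
    change_permission: frozenset  # subjects holding changePermission on the PID
    replica_mns: frozenset        # recorded, but deliberately never consulted

@dataclass(frozen=True)
class LogRecord:
    pid: str
    event: str
    subject: str
    ip_address: str

def may_read(subjects, info):
    """True if any session identity is the authoritative MN, the rights holder,
    or holds changePermission on the object."""
    return (info.authoritative_mn in subjects
            or info.rights_holder in subjects
            or bool(subjects & info.change_permission))

def get_log_records(session_subjects, records, objects):
    """session_subjects: the session subject plus its equivalent identities and groups.
    Returned records are complete (subject and IP address are not redacted)."""
    subjects = set(session_subjects) - {PUBLIC}   # public never grants log access
    if not subjects:
        return []
    if subjects & FULL_ACCESS:
        return list(records)                      # unfiltered
    return [r for r in records
            if r.pid in objects and may_read(subjects, objects[r.pid])]

OBJECTS = {
    "pid1": ObjectInfo("CN=mn-a", "CN=alice", frozenset({"CN=bob", PUBLIC}), frozenset({"CN=mn-b"})),
    "pid2": ObjectInfo("CN=mn-b", "CN=carol", frozenset(), frozenset({"CN=mn-a"})),
}
RECORDS = [
    LogRecord("pid1", "read", "CN=dave", "192.0.2.10"),
    LogRecord("pid2", "read", "CN=erin", "192.0.2.11"),
]
```

Stripping `public` before any comparison means an access policy that names `public` cannot open log records, and an MN that only holds a replica of an object sees nothing for it.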

History

#1 Updated by Robert Waltz over 11 years ago

  • Target version changed from Sprint-2012.33-Block.5.1 to Sprint-2012.35-Block.5.2

#2 Updated by Robert Waltz over 11 years ago

  • Status changed from New to In Progress

#3 Updated by Robert Waltz over 11 years ago

  • Status changed from In Progress to Testing

#4 Updated by Robert Waltz over 11 years ago

  • Status changed from Testing to Closed
