[Epic] Audit Logs
Problem statement
To give admins and developers a way to view the actions performed in an instance or an application, who performed the action, what the action was, and when it was performed, to backtrace errors that occurred.
Main log of events for audits and compliance that we’ll provide for the first version of this are around
- Application specific activities - when was a change made to a page, who configured a new datasource, who ran a query and when or who deleted an existing app
- Administrative configuration changes - who changed an admin email, when was a new group added or role modified
- User sign-up and login activity - when a new user signed up, when was an attempted login unsuccessful and so on
Here's an excerpt from a user
Basically, I am interested in knowing about these
- who logged into the app
- who ran which query
- who invited whom and with what role
Prioritised job stories
| Job Label | Job Stories |
|---|---|
| Application-specific activities | When I have a team of developers building internal apps, I want to know who made app edits like made changes to a certain app, deployed them, moved them or deleted them and more, so I can keep tabs on the security and access of these apps. |
| Application usage logs | When there is a sensitive data operation that is incorrectly run, I need to be able to find out who ran the operation, and with what values so that I can prevent it from happening again and hold the person accountable. |
| Administrative configuration changes | When there is an unwarranted or mistaken change to admin configurations, I’d like to find out who made the change and when, so I can review the change and set things right. |
| User sign-up and login activity | When there is a new user sign up for my account, I’d like to be able to consume this information, so I can set up workflows to onboard them based on their role. |
| Filters for logs | When I access the logs for my application, I’d like the option to search, filter and query the logs, so I can create views to see trace of user activity or debug issues with respect to an app. |
| Upgrades | When I’m using the Community edition and want to upgrade to Business edition to access audit logs, I would like to know what the feature has to offer, so I can draw the value my team is gaining by paying for this feature. |
Resources
+1 on the feature.
+1 on the feature.
+1 here, outside Git Sync, this is next on the list of asks
+1
+1
Hello all :wave:
Hope you’ve had or are still having a great weekend! We’re getting started with research for Audit Trails and would like to understand your requirements and needs around this in detail. Would be great if you can spare a few minutes to talk to us at a time that works for you.
📆 https://calendly.com/appsmith-vishak/conversations
A user asked if it is possible to track app errors encountered by App Viewers. Adding this use case here. https://community.appsmith.com/t/how-do-i-get-log-details-of-the-application-which-i-built-using-appsmith/1031/2
Good news!
We've kickstarted the Audit Logs project and we're in the early stages of solution explorations around this.
Meeting Notes
11 July 2022
Discussed
- Sketched a few wireframes and put our UI ideas around for the display of logs on board
- Identified missing analytics events, we have to get to them on a separate task
- Set the gears in motion to throw out a prototype
Next Steps
- @vuiets to iron out missing analytics events and the data required
- @vuiets to look at rough categories for events
- @Debsourabh to start wireframing the listing page for logs
- @vishnu-gp to log existing events in PoC
- @vishnu-gp @IAmAnubhavSaini @vuiets to close event formats
Meeting Notes
25 July 2022
Discussed
- We'll combine similar events into one and pass the extra information in the context object, for example for deploys instead of having `app.deployed` and `git.branch.deployed`, we'll have `app.deployed` and pass the git info in the context object
- Have to discuss with the larger team as to how we are handling granular access for this for the first phase, are we going all or nothing access to logs or defining access at a resource-level? Don't have context on use cases here yet. If anyone is keen on talking to us about this, please schedule some time with us - 📆 https://calendly.com/appsmith-vishak/conversations
- In connection with granular access control again, we have to discuss with the larger team if we are adding a configuration to show/hide sensitive info
Next Steps
- @vishnu-gp to continue adding missing data to events for audit logs
- @vasanth-appsmith to share the initial design flows and gather feedback
- @IAmAnubhavSaini to work on frontend POC
Adding a link to the designs for the Audit Logs here
https://www.figma.com/file/Dt7cAW39VThdkTjFSMKePG/Audit-Logs
Meeting Notes
22 Aug 2022
Discussed
A few things that we've agreed on to work on in future releases
- Adding a log for manual instance upgrades.
- Distinguishing between system-generated and user-generated events, especially around page updates when a migration is run on the client
- Opening up logs for workspace admins and developers in the Business edition.
Next Steps
- @vishnu-gp @vuiets to add events for instance setting edits
- @vasanth-appsmith @Debsourabh to explore designs for Upgrade triggers
- @AnaghHegde to share instance with QA for testing by 29 Aug
- @AnaghHegde to add filter APIs for logs
- @IAmAnubhavSaini to work on filtering in the UI, Settings page and continue integrating with APIs
- @AnaghHegde @trishaanand to add a permission to view all audit logs
+1 on this feature.
🗒️ Meeting Notes
5 Sep 2022
💬 Discussed
- We aim to merge Audit Logs to release under feature flag by 19 Sep
- Goal is to ship to users by 30 Sep
- To let users filter by a time period and zero in on the logs we need a date range filter for Audit Logs
- Gotta raise a ticket for a date range picker to design-system pod
- Design APIs to accommodate filtering by a custom date range
- If the design system pod can deliver a date range picker by 19 Sep, we’ll pick this up for the first public release
- We need to close on the decision around the icons for logs by 7 Sep
- Also discussed open items from the commitments on Product Sprint Weekly
- Kudos to the team for sharing the deploy preview to get a first look on 2 Sep 👏 We discussed the feedback from that share and listed things to check with the design system pod for the planned design
⌛ Progress from last week
- [x] @vishnu-gp @vuiets to close on extra data for events
- [x] @AnaghHegde to close on filter API - date range filtering
- [x] @vishnu-gp workspace events not logged debug and fix
- [x] @IAmAnubhavSaini to fix the bug that doesn’t update the url/store on clicking x in the selected option
- [x] @IAmAnubhavSaini to fix the sort order (refresh not working) bug
- [x] @IAmAnubhavSaini to implement pagination
- [x] @IAmAnubhavSaini to implement description
- [x] @IAmAnubhavSaini to hide audit logs settings for now
- [x] @Raksha Shetty to start testing on EC2 instance
🎯 Next Steps
- [x] @vishnu-gp to add instance setting events
- [ ] @vishnu-gp @AnaghHegde to go through all events and JSON to verify every data is available and add test cases
- [ ] @vishnu-gp to move the logging for Audit Logs to a background thread
- [x] @AnaghHegde to introduce access control permission to Audit Logs
- [x] @AnaghHegde to add unit tests for the APIs
- [ ] @AnaghHegde to add unit tests in all the service class for verifying the events are logged
- [ ] @RakshaKShetty to continue testing on EC2 instance
- [ ] @hiteshjoshi to talk to design-system pod to discuss the component changes
- [ ] @vasanth-appsmith to talk to @albinAppsmith about the dropdown and conclude the design
- [ ] @vasanth-appsmith to provide better design solution for “End of logs”
- [ ] @IAmAnubhavSaini to implement loading…
- [ ] https://github.com/appsmithorg/appsmith/issues/15800
- [ ] https://github.com/appsmithorg/appsmith/issues/15871
- [ ] https://github.com/appsmithorg/appsmith/issues/16065
- [ ] https://github.com/appsmithorg/appsmith/issues/16478
- [ ] https://github.com/appsmithorg/appsmith/issues/16479
🗒️ Meeting Notes
12 Sep 2022
💬 Discussed
- For bulk operations will we log a separate event or cover it in the same event that tackles single operations? User invites has this dilemma.
  - So `user.invited` will record both single and bulk user invites; we’ll have an array in the `invitedUsers` object.
- To be able to drill down at a custom time range and ask questions of the Audit Logs, we need a new date range picker component. So @Debsourabh will work on the component and pass this on to the Design System pod in a week.
- Instance setting update key name will remain the same; some concerns over camel casing the type of resource on which the activity was performed but we are good to go with it
⌛ Progress from last week
- [x] @vishnu-gp to add instance setting events
- [x] @AnaghHegde to introduce access control permission to Audit Logs
- [x] @AnaghHegde to add unit tests for the APIs
- [x] @IAmAnubhavSaini to implement loading…
- [x] [Task]: Implement infinite scroll for logs #15800
- [x] [Task]: Implement next page load on scroll for audit logs #15871
- [x] [Task]: Update more menu with actual menu-options for audit-logs-v1 #16065
🎯 Next Steps
- [x] @vishnu-gp @AnaghHegde to finish with BE Unit Tests and handle test case failures
- [x] @vishnu-gp @AnaghHegde @IAmAnubhavSaini to fix bugs raised by @RakshaKShetty
- [x] @vishnu-gp @AnaghHegde to finish BE release PR review and merge
- [x] @AnaghHegde to add feature flag in release for Audit Logs
- [x] @AnaghHegde to test permission related changes for Audit Logs
- [x] @RakshaKShetty to continue testing bug fixes on EC2 instance
- [x] @Debsourabh to work on date range picker for Audit Logs
- [x] @vasanth-appsmith to talk to @albinAppsmith about the dropdown and conclude the design
- [x] @vasanth-appsmith to provide better design solution for end of logs...
- [x] [Task]: Cleanup code and data structures #16478
- [x] [Task]: Unit tests for audit logs #16479