
[Epic] Audit Logs

Open Nikhil-Nandagopal opened this issue 5 years ago • 14 comments

Problem statement

To give admins and developers a way to view the actions performed in an instance or an application, who performed the action, what the action was, and when it was performed, to backtrace errors that occurred.

Main log of events for audits and compliance that we’ll provide for the first version of this are around

  • Application specific activities - when was a change made to a page, who configured a new datasource, who ran a query and when or who deleted an existing app
  • Administrative configuration changes - who changed an admin email, when was a new group added or role modified
  • User sign-up and login activity - when a new user signed up, when was an attempted login unsuccessful and so on

Here's an excerpt from a user

Basically, I am interested in knowing about these

  • who logged into the app
  • who ran which query
  • who invited whom and with what role

Prioritised job stories

| Job Label | Job Stories |
|---|---|
| Application-specific activities | When I have a team of developers building internal apps, I want to know who made app edits like made changes to a certain app, deployed them, moved them or deleted them and more, so I can keep tabs on the security and access of these apps. |
| Application usage logs | When there is a sensitive data operation that is incorrectly run, I need to be able to find out who ran the operation, and with what values so that I can prevent it from happening again and hold the person accountable. |
| Administrative configuration changes | When there is an unwarranted or mistaken change to admin configurations, I’d like to find out who made the change and when, so I can review the change and set things right. |
| User sign-up and login activity | When there is a new user sign up for my account, I’d like to be able to consume this information, so I can set up workflows to onboard them based on their role. |
| Filters for logs | When I access the logs for my application, I’d like the option to search, filter and query the logs, so I can create views to see trace of user activity or debug issues with respect to an app. |
| Upgrades | When I’m using the Community edition and want to upgrade to Business edition to access audit logs, I would like to know what the feature has to offer, so I can draw the value my team is gaining by paying for this feature. |

Resources

🔗 PRD 🔗 Designs


Nikhil-Nandagopal avatar Mar 08 '21 13:03 Nikhil-Nandagopal

+1 on the feature.

ravenxone avatar Jul 05 '21 06:07 ravenxone

+1 on the feature.

Aazme avatar Jan 31 '22 09:01 Aazme

+1 here, outside Git Sync, this is next on the list of asks

ereio avatar Feb 09 '22 20:02 ereio

+1

rubabuddin avatar Mar 24 '22 04:03 rubabuddin

+1

Consitini avatar Mar 30 '22 04:03 Consitini

Hello all 👋

Hope you’ve had or are still having a great weekend! We’re getting started with research for Audit Trails and would like to understand your requirements and needs around this in detail. Would be great if you can spare a few minutes to talk to us at a time that works for you.


📆 https://calendly.com/appsmith-vishak/conversations

vuiets avatar May 30 '22 06:05 vuiets

A user asked if it is possible to track app errors encountered by App Viewers. Adding this use case here. https://community.appsmith.com/t/how-do-i-get-log-details-of-the-application-which-i-built-using-appsmith/1031/2

danciaclara avatar Jun 03 '22 07:06 danciaclara

Good news!

We've kickstarted the Audit Logs project and we're in the early stages of solution explorations around this.

Meeting Notes

11 July 2022

Discussed

  • Sketched a few wireframes and put our UI ideas around for the display of logs on board
  • Identified missing analytics events, we have to get to them on a separate task
  • Set the gears in motion to throw out a prototype

Next Steps

  • @vuiets to iron out missing analytics events and the data required
  • @vuiets to look at rough categories for events
  • @Debsourabh to start wireframing the listing page for logs
  • @vishnu-gp to log existing events in PoC
  • @vishnu-gp @IAmAnubhavSaini @vuiets to close event formats

vuiets avatar Jul 13 '22 09:07 vuiets

Meeting Notes

25 July 2022

Discussed

  • We'll combine similar events into one and pass the extra information in the context object, for example for deploys instead of having app.deployed and git.branch.deployed, we'll have app.deployed and pass the git info in the context object
  • Have to discuss with the larger team as to how we are handling granular access for this for the first phase, are we going all or nothing access to logs or defining access at a resource-level? Don't have context on use cases here yet. If anyone is keen on talking to us about this, please schedule some time with us - 📆 https://calendly.com/appsmith-vishak/conversations
  • In connection with granular access control again, we have to discuss with the larger team if we are adding a configuration to show/hide sensitive info

Next Steps

  • @vishnu-gp to continue adding missing data to events for audit logs
  • @vasanth-appsmith to share the initial design flows and gather feedback
  • @IAmAnubhavSaini to work on frontend POC

vuiets avatar Jul 25 '22 11:07 vuiets

Adding a link to the designs for the Audit Logs here https://www.figma.com/file/Dt7cAW39VThdkTjFSMKePG/Audit-Logs

vuiets avatar Aug 02 '22 13:08 vuiets

Meeting Notes

22 Aug 2022

Discussed

A few things that we've agreed on to work on in future releases

  • Adding a log for manual instance upgrades.
  • Distinguishing between system-generated and user-generated events, especially around page updates when a migration is run on the client
  • Opening up logs for workspace admins and developers in the Business edition.

Next Steps

  • @vishnu-gp @vuiets to add events for instance setting edits
  • @vasanth-appsmith @Debsourabh to explore designs for Upgrade triggers
  • @AnaghHegde to share instance with QA for testing by 29 Aug
  • @AnaghHegde to add filter APIs for logs
  • @IAmAnubhavSaini to work on filtering in the UI, Settings page and continue integrating with APIs
  • @AnaghHegde @trishaanand to add a permission to view all audit logs

vuiets avatar Aug 22 '22 11:08 vuiets

+1 on this feature.

manokar-e5 avatar Sep 07 '22 04:09 manokar-e5

🗒️ Meeting Notes

5 Sep 2022

💬 Discussed

  • We aim to merge Audit Logs to release under feature flag by 19 Sep
  • Goal is to ship to users by 30 Sep
  • To let users filter by a time period and zero in on the logs we need a date range filter for Audit Logs
    • Gotta raise a ticket for a date range picker to design-system pod
    • Design APIs to accommodate filtering by a custom date range
    • If the design system pod can deliver a date range picker by 19 Sep, we’ll pick this up for the first public release
  • We need to close on the decision around the icons for logs by 7 Sep
  • Also discussed open items from the commitments on Product Sprint Weekly
  • Kudos to the team for sharing the deploy preview to get a first look on 2 Sep 👏 We discussed the feedback from that share and listed things to check with the design system pod for the planned design

Progress from last week

  • [x] @vishnu-gp @vuiets to close on extra data for events
  • [x] @AnaghHegde to close on filter API - date range filtering
  • [x] @vishnu-gp workspace events not logged debug and fix
  • [x] @IAmAnubhavSaini to fix the bug that doesn’t update the url/store on clicking x in the selected option
  • [x] @IAmAnubhavSaini to fix the sort order (refresh not working) bug
  • [x] @IAmAnubhavSaini to implement pagination
  • [x] @IAmAnubhavSaini to implement description
  • [x] @IAmAnubhavSaini to hide audit logs settings for now
  • [x] @Raksha Shetty to start testing on EC2 instance

🎯 Next Steps

  • [x] @vishnu-gp to add instance setting events
  • [ ] @vishnu-gp @AnaghHegde to go through all events and JSON to verify every data is available and add test cases
  • [ ] @vishnu-gp to move the logging for Audit Logs to a background thread
  • [x] @AnaghHegde to introduce access control permission to Audit Logs
  • [x] @AnaghHegde to add unit tests for the APIs
  • [ ] @AnaghHegde to add unit tests in all the service class for verifying the events are logged
  • [ ] @RakshaKShetty to continue testing on EC2 instance
  • [ ] @hiteshjoshi to talk to design-system pod to discuss the component changes
  • [ ] @vasanth-appsmith to talk to @albinAppsmith about the dropdown and conclude the design
  • [ ] @vasanth-appsmith to provide better design solution for “End of logs”
  • [ ] @IAmAnubhavSaini to implement loading…
  • [ ] https://github.com/appsmithorg/appsmith/issues/15800
  • [ ] https://github.com/appsmithorg/appsmith/issues/15871
  • [ ] https://github.com/appsmithorg/appsmith/issues/16065
  • [ ] https://github.com/appsmithorg/appsmith/issues/16478
  • [ ] https://github.com/appsmithorg/appsmith/issues/16479

vuiets avatar Sep 07 '22 05:09 vuiets

🗒️ Meeting Notes

12 Sep 2022

💬 Discussed

  • For bulk operations will we log a separate event or cover it in the same event that tackles single operations? User invites has this dilemma.
    • So user.invited will record both single and bulk user invites; we’ll have an array in the invitedUsers object.
  • To be able to drill down at a custom time range and ask questions of the Audit Logs, we need a new date range picker component. So @Debsourabh will work on the component and pass this on to the Design System pod in a week.
  • Instance setting update key name will remain the same; some concerns over camel casing the type of resource on which the activity was performed but we are good to go with it

Progress from last week

🎯 Next Steps

  • [x] @vishnu-gp @AnaghHegde to finish with BE Unit Tests and handle test case failures
  • [x] @vishnu-gp @AnaghHegde @IAmAnubhavSaini to fix bugs raised by @RakshaKShetty
  • [x] @vishnu-gp @AnaghHegde to finish BE release PR review and merge
  • [x] @AnaghHegde to add feature flag in release for Audit Logs
  • [x] @AnaghHegde to test permission related changes for Audit Logs
  • [x] @RakshaKShetty to continue testing bug fixes on EC2 instance
  • [x] @Debsourabh to work on date range picker for Audit Logs
  • [x] @vasanth-appsmith to talk to @albinAppsmith about the dropdown and conclude the design
  • [x] @vasanth-appsmith to provide better design solution for end of logs...
  • [x] [Task]: Cleanup code and data structures #16478
  • [x] [Task]: Unit tests for audit logs #16479

vuiets avatar Sep 13 '22 06:09 vuiets
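
The event consolidation agreed in the 25 July and 12 Sep notes (one app.deployed event with git details in the context object, one user.invited event with an invitedUsers array), sketched as an added example that is not Appsmith's code. Field names such as `actor`, `timestamp` and `detail`, and the helper names, are assumptions made for illustration.

```javascript
// Added example, not Appsmith code. Only app.deployed, git.branch.deployed,
// user.invited and invitedUsers come from the notes; other fields are assumed.
const CONSOLIDATED = {
  "git.branch.deployed": { event: "app.deployed", contextKey: "git" },
};

// Fold a source-specific event into its consolidated name; detail moves to context.
function normalize(raw) {
  const rule = CONSOLIDATED[raw.event];
  const record = {
    event: rule ? rule.event : raw.event,
    timestamp: raw.timestamp,
    actor: raw.actor,
    context: { ...(raw.context || {}) },
  };
  if (rule) record.context[rule.contextKey] = raw.detail;
  // Single and bulk invites share one shape: invitedUsers is always an array.
  if (record.event === "user.invited") {
    record.invitedUsers = [].concat(raw.invitedUsers || []);
  }
  return record;
}

// Filter by event name and a half-open [from, to) time range.
function query(logs, { event, from, to } = {}) {
  return logs.filter((l) =>
    (!event || l.event === event) &&
    (!from || Date.parse(l.timestamp) >= Date.parse(from)) &&
    (!to || Date.parse(l.timestamp) < Date.parse(to)));
}

// "Who invited whom and with what role": one row per invitee.
function inviteRows(logs) {
  return query(logs, { event: "user.invited" }).flatMap((l) =>
    l.invitedUsers.map((u) => `${l.actor} invited ${u.email} as ${u.role}`));
}

// Constructed sample input (addresses, roles and timestamps are made up).
const SAMPLE = [
  { event: "app.deployed", timestamp: "2022-09-01T10:00:00Z", actor: "dev1@example.com" },
  { event: "git.branch.deployed", timestamp: "2022-09-02T11:00:00Z", actor: "dev2@example.com", detail: { branch: "release" } },
  { event: "user.invited", timestamp: "2022-09-03T09:00:00Z", actor: "admin@example.com", invitedUsers: { email: "a@example.com", role: "Developer" } },
  { event: "user.invited", timestamp: "2022-09-05T09:00:00Z", actor: "admin@example.com", invitedUsers: [{ email: "b@example.com", role: "App Viewer" }, { email: "c@example.com", role: "Developer" }] },
].map(normalize);

console.log(inviteRows(SAMPLE));
```

Because both deploy paths land on one event name, a single `app.deployed` filter returns every deploy, and the git branch is still recoverable from `context.git`.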