Spike: Identify which sensitive admin actions are and are not logged

[john-thomas-dotcms]

Parent Issue

No response

Task

Task

We need to identify which of the following actions, when performed by any user, are logged. Specifically, for each of the actions, we need to identify:

• Which log file (if any) is it logged to?
• What information is in the log message:
  • Can the affected object (user, site, etc.) be identified from the log message?
  • Can the user who performed the action be identified from the log message?
• Is the action logged differently when performed from the BE vs. from the API?

Actions

1. Users & Permissions:

• [ ] Add a new user
• [ ] Delete a user
• [ ] Enable/Disable a user
• [ ] Assign a new role to a user (specifically the CMS Admin role)
• [ ] Remove a role from a user (specifically the CMS Admin role)
• [ ] Impersonate a user (using the Login As functionality)

2. Plugins

• [ ] Upload a plugin
• [ ] Start a plugin
• [ ] Stop a plugin
• [ ] Restart OSGI

4. Sites

• [ ] Add a site
• [ ] Edit a site
• [ ] Start a site
• [ ] Stop a site
• [ ] Delete a site

5. Maintenance portlet

• [ ] Re-index
• [ ] Deactivate an index
• [ ] Clear an index
• [ ] Delete an index

6. Configuration portlet

• [ ] Upload license pack
• [ ] Reset license

Proposed Objective

Customer Success

Proposed Priority

Priority 2 - Important

Acceptance Criteria

Provide a document with a table listing each of the actions on one row, with the name of the action in the first column, and answers to each of the questions in subsequent columns, something like the following:

Action	Logged (Y/N)	Log file	Object Logged (Y/N)	User Logged (Y/N)	API Calls Logged (Y/N)
Add a user	Y	dotcms.log	Y	Y	Y
Delete a user	Y	access.log	N	Y	Y

Time-box the effort to 1 day's worth of work.

External Links... Slack Conversations, Support Tickets, Figma Designs, etc.

No response

Assumptions & Initiation Needs

No response

Quality Assurance Notes & Workarounds

No response

Sub-Tasks & Estimates

No response