As a user/admin I can access a resource log / change history


#1

Before I get to the issue, I want to say thanks to everyone who worked on this. It is quite fantastic. I just did my first install in my Scientific Linux 7 dev environment and have been tinkering around with it for the last hour. Great job!
Thank you for the time to read my proposed feature.

Q1. What is the problem that you are trying to solve?
The environment that I really would like to use this in is one with a team. I’m comfortable that Security will OK Passbolt. However, I know that the moment Audit comes to it they are going to ask to see the log history. Who requested what password when?

How difficult would it be to have a history on a password of user/date-stamp use?

If it is there already, I apologize but I couldn’t find anything about history or access log in the documentation. Nor did I see such a history in my exploration time today.

Q2 - Who is impacted?
I think any team environment where Audit cares to know that group passwords are not just checkout at will with out any recorded interaction.

Q3 - Why is it important and/or urgent?
I think this feature would be a fantastic step into supporting those of us in restrictive environments who have audit and security teams that watch us closely. Most of the other available options are either terrible or unfortunately moving towards cloud based access (which has many negatives, the biggest for us is being on networks with zero or extremely limited Internet connectivity - updates are sneakernet harddrives). Even for my SysAdmin friends in Universities, many of them are under increasing pressure for audit-controlled-password management systems.

Q4 - What is your proposed solution? (optional)
I don’t know how hard it would be, but if there was just a recorded history tab per password. I don’t think it has to be much. Just a
“$userA create on $dateA1”
“$userA updated URL on $dateA2”
“$userB copied password on $dateB”
“$userC updated password on $dateC”

That simple logging would go a LONG way to getting Audits buy off for us to move out of dev and into full use.


#2

Hi @stack, this item is definitely on the roadmap and should be released in the course of this summer. Thanks for the good issue writeup.


#3

I didn’t see it on the roadmap page, but I did find it on this one:

“Audit logs (ETA August 2018)”

Awesome! Thank you! Marking it as solved.


#4

Hi @remy,
How do I download this new version of the Audit? has it been implemented?

Thanks in advance
Pietro


#5

@agilex it is currently not available. We will aim at releasing it early 2019.