Bug #3766
closed
It is impossible to know who has created or removed an API account for Rudder
Added by Nicolas PERRON almost 11 years ago.
Updated almost 11 years ago.
Category:
Web - Maintenance
Description
An API account is like an admin one since it has many rights on the application but there is no log about its creation or removal in the event log.
In this situation, it could be possible to create an API account to destroy all the configuration or do something harmful, remove the API account without knowing who where behind. In my opinion, we should at least know who created and removed any API account.
- Assignee set to François ARMAND
- Tracker changed from Bug to User story
- Target version changed from 2.7.0~beta1 to 2.7.0~rc1
- Assignee deleted (
François ARMAND)
- Tracker changed from User story to Bug
- Status changed from New to 8
- Assignee set to Nicolas CHARLES
I absolutely agree, this is really a problem. And this is a bug, not a user story - no changes should be possible in Rudder without event logs.
- Priority changed from N/A to 1
- Status changed from 8 to In progress
- Status changed from In progress to 8
- Status changed from 8 to In progress
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
- % Done changed from 0 to 100
- Pull Request set to https://github.com/Normation/rudder/pull/282
- Pull Request changed from https://github.com/Normation/rudder/pull/282 to https://github.com/Normation/rudder/pull/283
- Status changed from Pending technical review to Pending release
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.7.0~rc1, which was released today.
Check out:
Also available in: Atom
PDF
Updated by Nicolas PERRON 
Updated by 
Updated by 
Updated by