This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Disable Audit logs (Organization History) access for certain roles

Posted on 02-10-2023 02:41 AM
JBalker
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi everybody,

I'm looking for a way to limit access to the ' Audit logs' page in Apigee Edge Private cloud.

My client has external logging and does not want everybody to be able to access these types of logs.

I tried adding an empty permission for audits/organizations/*, I know this is probably not the right permission, but wanted to try something.

 

Anyone has any ideas?

 

Regards,

Jo-An

1 7 280
Topic Labels
7 REPLIES 7

Posted on --/--/---- --:-- AM
dknezic
Staff
Reply posted on --/--/---- --:-- AM

I don't believe this is supported for audits.

However, there was a flag added that will only allow org administrators to view audits (isAuditEnabledOnlyForOrgAdmin)

Please refer to

https://docs.apigee.com/release/notes/210308-apigee-edge-public-cloud-release-notes

It's include in OPDK as part of this release https://docs.apigee.com/release/notes/4500009-private-cloud-relnotes

0 Likes

Posted on --/--/---- --:-- AM
JBalker
Bronze 1
Bronze 1
In response to dknezic
Reply posted on --/--/---- --:-- AM

Hi @dknezic ,

Thanks for your reply.  I tried setting the flag with the Organizations api as a property.

curl --location --request POST 'https://url/v1/o/sandbox' \
--header 'Authorization: Basic XXXXXXXXXXXXX' \
--header 'Content-Type: application/json' \
--data-raw '{
  "properties": {
        "property": [
            {
                "name": "isAuditEnabledOnlyForOrgAdmin",
                "value": "true"
            }
        ]
    }
}'

Unfortunately it does not seem to work. Can this flag be set as an org property?

 

Regards,

 

Jo-An

 

0 Likes

Posted on --/--/---- --:-- AM
dknezic
Staff
Reply posted on --/--/---- --:-- AM

One note, when updating properties is you should be including all the existing properties that were set in your org as this will override.

When you say it doesn't work, what response are you getting?

0 Likes

Posted on --/--/---- --:-- AM
JBalker
Bronze 1
Bronze 1
In response to dknezic
Reply posted on --/--/---- --:-- AM

So the curl works however the result is not as expected.
A user with the standard 'user' role for instance can still view the audits in the UI.

0 Likes

Posted on --/--/---- --:-- AM
dknezic
Staff
In response to JBalker
Reply posted on --/--/---- --:-- AM

Also what version of OPDK are you on? As the feature was introduced in 4.50.00.09

0 Likes

Posted on --/--/---- --:-- AM
JBalker
Bronze 1
Bronze 1
In response to dknezic
Reply posted on --/--/---- --:-- AM

Were currently on 4.51.00.11

0 Likes

Posted on --/--/---- --:-- AM
dknezic
Staff
Reply posted on --/--/---- --:-- AM

I believe it also needs a features. prefix eg features.isAuditEnabledOnlyForOrgAdmin

if that still doesnt work, it might be best to then raise an Apigee support case.

0 Likes
Top Solution Authors
View all