Add user profile ID to audit log events #125932
Labels:
- enhancement (New value added to drive a business result)
- Feature:Security/Audit (Platform Security - Audit Logging feature)
- Team:Security (Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!)
In #124552, we started activating a user profile upon login. That profile includes a system-generated ID which is intended to uniquely identify individuals. You will be able to configure security domains to span multiple authentication providers, meaning that one user profile could be used for two "users" from two different auth providers.
Framed another way: only tracking the username can be problematic because you could have duplicate usernames from different auth providers, and it's possible that it could be two different individuals.
We should start including the user profile ID in audit events to uniquely identify individuals, in addition to the human-readable username.
We'll likely need to make changes in two different places -- once in the Authenticator for the initial login events:
kibana/x-pack/plugins/security/server/authentication/authenticator.ts
Lines 336 to 345 in ddc3000
And once in the AuditService for all scoped audit events after login:
kibana/x-pack/plugins/security/server/audit/audit_service.ts
Lines 157 to 182 in b94ef10
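The attribution problem described in this issue, as an added example that is not part of the original issue or Kibana's code: it correlates audit events by profile ID instead of username. The `AuditEvent` shape, its field names, and all sample values are hypothetical and constructed, not Kibana's audit event schema.

```typescript
// Hypothetical event shape for illustration; not Kibana's audit schema.
interface AuditEvent {
  action: string;
  username: string;
  authProvider: string; // constructed provider names
  profileId?: string;   // absent on events written before profile IDs were logged
}

// Constructed sample: two individuals share the username "jdoe", and one
// individual (profile "u_A") appears under two providers and two usernames.
const sampleEvents: AuditEvent[] = [
  { action: "user_login", username: "jdoe", authProvider: "saml1", profileId: "u_A" },
  { action: "saved_object_delete", username: "jdoe", authProvider: "saml1", profileId: "u_A" },
  { action: "user_login", username: "jdoe", authProvider: "basic1", profileId: "u_B" },
  { action: "user_login", username: "jdoe@example.com", authProvider: "oidc1", profileId: "u_A" },
  { action: "user_login", username: "legacy", authProvider: "basic1" },
];

// Key that identifies an individual: the profile ID when present, otherwise
// provider plus username, the best available for older events.
function individualKey(e: AuditEvent): string {
  return e.profileId !== undefined
    ? `profile:${e.profileId}`
    : `legacy:${e.authProvider}/${e.username}`;
}

// Usernames that resolve to more than one individual. Attributing these
// events by username alone would merge different people.
function ambiguousUsernames(events: AuditEvent[]): string[] {
  const seen = new Map<string, Set<string>>();
  for (const e of events) {
    if (!seen.has(e.username)) seen.set(e.username, new Set<string>());
    seen.get(e.username)!.add(individualKey(e));
  }
  return Array.from(seen.entries())
    .filter(([, keys]) => keys.size > 1)
    .map(([name]) => name)
    .sort();
}

// Actions per individual, so one person's activity across providers is joined.
function actionsByIndividual(events: AuditEvent[]): Map<string, string[]> {
  const out = new Map<string, string[]>();
  for (const e of events) {
    const key = individualKey(e);
    out.set(key, [...(out.get(key) ?? []), `${e.authProvider}:${e.action}`]);
  }
  return out;
}
```
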