Improve logging of what admins do while masqueraded

Bug #1027574 reported by Ralf Hilgenstock
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Wishlist
Jiri Baum (Catalyst)

Bug Description

Loginas is a great feature for admins to check permissiosn as a special user. In several environments its seen very critical because admins can change anything as the user who is logged in. Its not documented that the changes are not done by the user and the admin did them.

It makes ot of sense to document that an admin changed anything in the name of the user. I've two ideas how to do this:
1. mark all changs in the interface as "changed by admin [name of admin] [date and time] of change".
2. write changes done by admin when logged in as a user into a seperate database and create a report page that shows this database information sortable by date, user and admin who made changes. This report should include:
- date and time of login as
- date and time when login as was finished
- did admin make changes in the name of the user?
- who logged in as other user (name of admin)
- login as which user [name of user]
- where was change done [URL]
- old entry from user
- changed and stored new entry by admin

The report should only by accessible for site admins.
The report should be downloadable.
If files were added or deleted or renamed the information should be included but notthe file istself.

summary: - loginas
+ Improve logging of what admins do while masqueraded
Changed in mahara:
status: New → Triaged
importance: Undecided → Wishlist
Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

Dirk has already put a wishlist item up for something similar at https://bugs.launchpad.net/mahara/+bug/900983 There he wants to let users know when an admin was in the account.

I would add to your proposal that institution admins should be able to see a report for the members they are managing and the site admins can see everything.

With the access reports in 1.5 we can reduce some of the necessity to "login as" another user, but it's not entirely avoidable.

What would you say to also display to a user when an admin had accessed the account?

Revision history for this message
Hugh Davenport (hugh-davenport) wrote :

Just a note to who picks this up, the lastaccess field is updated for a user even when being masqueraded by an admin. This should not happen, instead it should update the lastaccess field of the admin user.

Revision history for this message
Jiri Baum (Catalyst) (jiri-catalyst) wrote :

A partial implementation of this is now up on gerrit,
https://reviews.mahara.org/1940
https://reviews.mahara.org/1941
https://reviews.mahara.org/1942

Included:
+ Log everything admins do while masquerading (and optionally everything everyone does) to the database.
+ Ask the admin to provide a reason for masquerading.
+ Report of who, when and why masqueraded (start of masquerading session, including both user IDs).

Not included:
- Report of what admins did while masquerading.

Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

For testing:

There is a site option under "User settings" where the reason for masquerading can be turned on.

Logs can also be turned on in a new Site option "Logging settings".

Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

Hi Jiri,

Thanks for the development. Looks already good. :-)

Did you already work on the table in the admin area (in the User reports area) to display to the admins when another admin had logged in and for what reason? I see that you have "Logging" information that is to be written to the database, but that must be something different.

Thanks
Kristina

Revision history for this message
Jiri Baum (Catalyst) (jiri-catalyst) wrote :

There is only the one report for now, which is in the User reports section.

Go to Admin -> Users, select users and/or admins of interest, Get reports, Masquerading sessions tab.

Revision history for this message
Jiri Baum (Catalyst) (jiri-catalyst) wrote :

PS - the logging information does include events for beginning of masquerading session (patch 1940 adds this event type), so the masquerading session report just summarises those events from the log.

tags: added: nominatedfeature
Melissa Draper (melissa)
Changed in mahara:
assignee: nobody → Jiri Baum (Catalyst) (jiri-catalyst)
milestone: none → 1.7.0
Melissa Draper (melissa)
Changed in mahara:
status: Triaged → Fix Committed
Aaron Wells (u-aaronw)
Changed in mahara:
status: Fix Committed → Fix Released
Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

A new wishlist item bug #1213875 has been opened to capture any further work so as to keep better track of things.

no longer affects: mahara/1.8
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.