Summary

Currently, when a user is added via granting a role, the audit log does not record any associated group additions. Conversely, when a user is added to a group, the audit log does not show which roles were granted.

This inconsistency makes it difficult for auditors to reliably determine how user access has changed, resulting in an incomplete audit trail.

Current behaviour

• When user is granted role, only the role name and the product name is added in audit log. Groups the user getting added are not included.

• When a user is added to a group, it will not show the roles granted

Expected behaviour

Enhance the audit log functionality so that:

• When a user is granted a role, any group changes associated with that action are also logged. Whichever groups user is getting added should also be logged.

• When a user is added to a group, any roles granted as a result are clearly recorded in the audit log.
  This will provide a complete and consistent audit history, enabling auditors to accurately track all changes to user access and permissions.

Workaround

• Org admins can fetch the information regarding roles associated with a group by clicking on the group name in the Audit log which takes them to the https://admin.atlassian.com/o/<orgID>/groups/<groupID> where we can find the associated role.
• Org Admins can also navigate to https://admin.atlassian.com > Products/Apps > Manage product to identify the groups associated with each role.