Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
Stash is missing proper logging mechanisms. I'm not saying about logging each GET/POST/PUT, but I'm talking about access control logging. Gitorious has something called Activities and I think something like this should be included in Stash. Administrators and project leaders/contributors etc. has to know who has access to what, who get access to which repository/branch etc.
To sum up:
- base log to the file (grep'able by admins) where actions like granting, revoking access to the repository/branch should be logged. (Date, who gave the access, who get the access and to what)
- later something like dashboard/activity list similar to Gitorious or Bitbucket's (afair bitbucket has something like that) shoud be visible to each user (GUI component) under the repository and project.
- easy way to filter these messages (activities) from the GUI
ps. I've never used JIRA, so if anything is wrong with this ticket (missing story, labels etc.) let me know, I'll fix it, because in my opinion this is must-have-Feature for enterprise repository. There is always someone who wants to control or be able to check who, when and to what get access or made any changes.
Attachments
Issue Links
- is duplicated by
-
BSERV-3186 Provide better logging/audits for failed access attempts
- Closed
-
BSERV-3541 Audit permission on all projects and repositories
- Closed
-
BSERV-3752 Log/History of administrative actions within Stash
- Closed