Improve audit logging for users added via space import

Summary

When importing spaces to Confluence Cloud, users will be automatically imported in order to map entries to these accounts.

Although the documentation mentions that user accounts will not have product access granted, accounts will still get imported:

This procedure will not import:

• user accounts, meaning it doesn't give users product access or add them to any groups. It will, however, import some user data connected to the spaces you're importing. This is to make sure that mentions, comments, and page history stay active. User data that will be imported includes:

• • full name

• • username (discarded after importing)

• • email address

There is also a different suggestion to cover it:

Confluence Space Imports are now Adding users to the site - https://jira.atlassian.com/browse/CONFCLOUD-72064

Context

When users are "imported" with the space, no invites or emails should be triggered, meaning that such entries will not be added to the organization audit logs.

Suggestion

As this brings security concerns to administrators looking to understand how accounts were added to the instance, this is a suggestion to include such entries in the audit logs.

For example:

• On the organization audit logs, clarify that "A B C users were added via space import".
• In the audit logs of Confluence, for the entries showing User created, replace it with User created via space import
• Trigger an email for the administrators that users "A B C now have access to the site via spaces that were imported"