- Type: Bug
- Resolution: Unresolved
- Priority: Low
- Component/s: Site - Monitoring - Audit Logs
- None
- Severity 3 - Minor
Expected Behaviour
All audit log activities relating to exporting a space should list the actor as the user that requested the export.
Actual Behaviour
The following inconsistencies exist with the actor recorded in space export audit log events:
- confluence_audit_record_space_exported — always lists Confluence as the actor, never the requesting user
- confluence_async_export_finished — inconsistently lists either the requesting user or Confluence as the actor
- confluence_export_space_download — inconsistently lists either the requesting user or Confluence as the actor
Impact
Admins and security teams are unable to reliably determine which user triggered a space export from the audit log. This undermines the audit log's usefulness for compliance, security investigations, and access reviews.
Additional Notes
The correct user appears to be available in confluence_export_space_download at least some of the time, suggesting the user context is accessible but not consistently propagated to all related audit events.
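
One way an investigator could work around the gap described above, as an added example that is not part of the original ticket or Atlassian's code: group the three export events per space and take whichever human actor appears in any of them. The record fields (`time`, `event`, `space`, `actor`), the 30-minute grouping window and the sample rows are assumptions constructed for illustration; only the three event names and the `Confluence` system actor come from the ticket.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXPORT_EVENTS = {  # event names as listed in the ticket
    "confluence_audit_record_space_exported",
    "confluence_async_export_finished",
    "confluence_export_space_download",
}
SYSTEM_ACTOR = "Confluence"
WINDOW = timedelta(minutes=30)  # assumption: max gap between events of one export

def _summarise(space, group):
    # Collect every non-system actor seen in this burst of export events.
    users = sorted({r["actor"] for r in group if r["actor"] != SYSTEM_ACTOR})
    status = {0: "unattributed", 1: "attributed"}.get(len(users), "ambiguous")
    return {"space": space, "start": group[0]["time"], "users": users, "status": status}

def attribute_exports(records):
    """Group export events per space into time bursts and attribute each burst."""
    by_space = defaultdict(list)
    for r in records:
        if r["event"] in EXPORT_EVENTS:
            by_space[r["space"]].append(r)
    results = []
    for space in sorted(by_space):
        events = sorted(by_space[space], key=lambda r: datetime.fromisoformat(r["time"]))
        group = [events[0]]
        for r in events[1:]:
            gap = datetime.fromisoformat(r["time"]) - datetime.fromisoformat(group[-1]["time"])
            if gap > WINDOW:  # a new export of the same space starts here
                results.append(_summarise(space, group))
                group = []
            group.append(r)
        results.append(_summarise(space, group))
    return results

# Constructed sample records; field names and values are hypothetical.
_ROWS = [
    ("2024-05-01T10:00:00", "confluence_audit_record_space_exported", "ENG", "Confluence"),
    ("2024-05-01T10:02:00", "confluence_async_export_finished", "ENG", "Confluence"),
    ("2024-05-01T10:05:00", "confluence_export_space_download", "ENG", "alice"),
    ("2024-05-01T15:00:00", "confluence_audit_record_space_exported", "ENG", "Confluence"),
    ("2024-05-01T15:01:00", "confluence_async_export_finished", "ENG", "bob"),
    ("2024-05-01T11:00:00", "confluence_audit_record_space_exported", "HR", "Confluence"),
    ("2024-05-01T11:03:00", "confluence_async_export_finished", "HR", "Confluence"),
    ("2024-05-01T11:04:00", "confluence_export_space_download", "HR", "Confluence"),
]
SAMPLE = [dict(zip(("time", "event", "space", "actor"), row)) for row in _ROWS]

if __name__ == "__main__":
    for row in attribute_exports(SAMPLE):
        print(row)
```

Exports reported as `unattributed` are the ones affected by this bug in all three events and need another data source to identify the requester.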
- causes
  - ACCESS-2707 Guard Detect space export alerts sometimes list Confluence as the actor instead of the triggering user - Needs Triage
- blocks
  - PCS-3787180