-
Suggestion
-
Resolution: Unresolved
-
59
-
When accessing the Audit Logs for Add-ons, changes made by System are shown as made by anonymous user, as shown on picture below:
This information should be more clear/specific, as for now showing anonymous is not helpful at all. To access these logs, go to JIRA Administration > Add-ons, navigate to Manage Add-ons and click Audit Logs.
Additional information.
When apps are installed by a user visiting the Mange-apps page on a Jira instance, then the user information is recorded correctly on the UI. However, when an app is installed from the backend by the system because a purchase order for the app was submitted or there was an app update or even a system app install, then the user information is not shown correctly on the UI and appears as 'anonymous'.
- is duplicated by
-
- Closed
- is related to
-
JRACLOUD-77967 Installing add-ons for Jira shows anonymous on the audit log instead of actual user
-
- Closed
-
-
- Gathering Interest
- relates to
-
- Closed
-
- Gathering Interest
[MP-74] Show user responsible for action on Add-on Audit Log
Our Audit team are not happy with seeing Anonymous when looking at who has made changes. Doesn't help with our governance process.
Seeing anything listed as 'anonymous' in a private Jira instance should not be acceptable
How is this not listed as a defect? Even the documentation lists this as a "known issue".
There's a known issue which prevents the Author field from displaying the username for changes that were made in the user management pages in Jira cloud products (including changes to users, groups, and application access). For example, events like users being created or assigned to groups won't include the username of the user who made the change.
Please fix this obvious defect.
Seeing who did what and when in the event history is essential for security audits and often valuable for day-to-day administration. Some events should be logged forever, like add-installations and resource creations. Who did what, when, and how exactly? Knowing, for example, how an add-on was installed (descriptor link, file upload, marketplace) is crucial to identify how to avoid getting charged for our own applications; for example, when you, let's say, as an admin, inherited a site from a former employee.