mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #10900
[Bug 1027574] Re: Improve logging of what admins do while masqueraded
Just a note to who picks this up, the lastaccess field is updated for a
user even when being masqueraded by an admin. This should not happen,
instead it should update the lastaccess field of the admin user.
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1027574
Title:
Improve logging of what admins do while masqueraded
Status in Mahara ePortfolio:
Triaged
Bug description:
Loginas is a great feature for admins to check permissiosn as a
special user. In several environments its seen very critical because
admins can change anything as the user who is logged in. Its not
documented that the changes are not done by the user and the admin
did them.
It makes ot of sense to document that an admin changed anything in the name of the user. I've two ideas how to do this:
1. mark all changs in the interface as "changed by admin [name of admin] [date and time] of change".
2. write changes done by admin when logged in as a user into a seperate database and create a report page that shows this database information sortable by date, user and admin who made changes. This report should include:
- date and time of login as
- date and time when login as was finished
- did admin make changes in the name of the user?
- who logged in as other user (name of admin)
- login as which user [name of user]
- where was change done [URL]
- old entry from user
- changed and stored new entry by admin
The report should only by accessible for site admins.
The report should be downloadable.
If files were added or deleted or renamed the information should be included but notthe file istself.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1027574/+subscriptions
References
