Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-31279

Provide a way to differentiate a view from a download in the audit trail

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2021.26
    • Fix Version/s: 2023.0, 2021.29
    • Component/s: Rest API
    • Release Notes Summary:
      You can now specify the download reason when download a blob.
    • Release Notes Description:
      Hide

      The download client reason can be specified within a REST call by providing a query parameter or a HTTP header when downloading a blob.

      The query parameter is clientReason, see below a cURL example:

      curl -u Administrator:Administrator 'http://localhost:8080/nuxeo/nxfile/default/362184a7-c711-459c-adc1-5d7831173dc4/file:content/dummy-2040x1360-Comb.jpg?changeToken=7-0&clientReason=view'

      The HTTP header is X-Client-Reason, see below a cURL example:

      curl -H 'X-Client-Reason: view' -u Administrator:Administrator 'http://localhost:8080/nuxeo/nxfile/default/362184a7-c711-459c-adc1-5d7831173dc4/file:content/dummy-2040x1360-Comb.jpg?changeToken=7-0'

      This information can then be retrieved in the extended object of audit entry under the name clientReason.

      Show
      The download client reason can be specified within a REST call by providing a query parameter or a HTTP header when downloading a blob. The query parameter is clientReason , see below a cURL example: curl -u Administrator:Administrator 'http: //localhost:8080/nuxeo/nxfile/ default /362184a7-c711-459c-adc1-5d7831173dc4/file:content/dummy-2040x1360-Comb.jpg?changeToken=7-0&clientReason=view' The HTTP header is X-Client-Reason , see below a cURL example: curl -H 'X-Client-Reason: view' -u Administrator:Administrator 'http: //localhost:8080/nuxeo/nxfile/ default /362184a7-c711-459c-adc1-5d7831173dc4/file:content/dummy-2040x1360-Comb.jpg?changeToken=7-0' This information can then be retrieved in the extended object of audit entry under the name clientReason .
    • Epic Link:
    • Tags:
    • Sprint:
      nxplatform #73, nxplatform #74
    • Story Points:
      3

      Description

      Currently, every time a user views a document containing a file, this action is logged as a download in the audit trail.

      While technically correct, this prevents managers / administrators from getting a meaningful audit that reflects actions taken by a user and / or to perform a security audit (e.g., did that person download sensitive content before leaving the company?).

      ______________

      As a developer, I can provide a parameter to the REST API in order to differentiate the different actions available in the UI:

      • View
      • Download

      AC:

      • The resulting action is stored as such in the document audit trail

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NXP-17311 Too many "download" events are logged in History

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. NXP-28501 Add a "UI Download" event when the file is manually downloaded

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. NXP-24203 Audits don't reflect user actions

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. NXP-24204 Improve audit screen

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. NXP-28864 history should distinguish between a "view" and a "real"/user download

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Task - A task that needs to be done. WEBUI-917 Analysis on view vs download

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is required by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. WEBUI-916 NXUI: View vs download

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NEV-625 Make NEV blob retrieval a view instead of download event in audit trail

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: