  1. Nuxeo Platform
  2. NXP-31279

Provide a way to differentiate a view from a download in the audit trail


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2021.26
    • Fix Version/s: 2023.x, 2021.29
    • Component/s: Rest API
    • Release Notes Summary:
      You can now specify the download reason when downloading a blob.
    • Release Notes Description:

      The download client reason can be specified within a REST call by providing a query parameter or an HTTP header when downloading a blob.

      The query parameter is clientReason, as in this cURL example:

      curl -u Administrator:Administrator 'http://localhost:8080/nuxeo/nxfile/default/362184a7-c711-459c-adc1-5d7831173dc4/file:content/dummy-2040x1360-Comb.jpg?changeToken=7-0&clientReason=view' 

      The HTTP header is X-Client-Reason, as in this cURL example:

      curl -H 'X-Client-Reason: view' -u Administrator:Administrator 'http://localhost:8080/nuxeo/nxfile/default/362184a7-c711-459c-adc1-5d7831173dc4/file:content/dummy-2040x1360-Comb.jpg?changeToken=7-0' 

      This information can then be retrieved in the extended object of the audit entry under the name clientReason.

    • Sprint:
      nxplatform #73, nxplatform #74
    • Story Points:
      3

      Description

      Currently, every time a user views a document containing a file, this action is logged as a download in the audit trail.

      While technically correct, this prevents managers / administrators from getting a meaningful audit that reflects the actions taken by a user and / or from performing a security audit (e.g., did that person download sensitive content before leaving the company?).

      ______________

      As a developer, I can provide a parameter to the REST API in order to differentiate the different actions available in the UI:

      • View
      • Download

      AC:

      • The resulting action is stored as such in the document audit trail
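
      An added example, not part of the ticket or of Nuxeo's code: one way an auditor could split views from downloads using the clientReason value stored in the audit entry's extended object. The entries are constructed, and the field names eventId, principalName and docUUID, the "download" event id, and every clientReason value other than view are assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample entries. Field names other than extended.clientReason
# (eventId, principalName, docUUID) are assumptions about the audit JSON.
SAMPLE_ENTRIES = json.loads("""[
 {"eventId": "download", "principalName": "alice", "docUUID": "doc-1",
  "extended": {"clientReason": "view"}},
 {"eventId": "download", "principalName": "alice", "docUUID": "doc-1",
  "extended": {}},
 {"eventId": "download", "principalName": "bob", "docUUID": "doc-2",
  "extended": {"clientReason": "download"}},
 {"eventId": "download", "principalName": "bob", "docUUID": "doc-3",
  "extended": {"clientReason": "preview"}},
 {"eventId": "documentModified", "principalName": "bob", "docUUID": "doc-3",
  "extended": {}},
 {"eventId": "download", "principalName": "bob", "docUUID": "doc-2",
  "extended": null}
]""")

def classify(entry):
    """Return 'view', 'download', or None when the entry is not a blob download."""
    if entry.get("eventId") != "download":
        return None
    reason = (entry.get("extended") or {}).get("clientReason")
    # The reason is declared by the caller, so only an exact "view" counts as
    # a view; a missing or unexpected value is kept as a download.
    return "view" if reason == "view" else "download"

def summarize(entries):
    """Count views and downloads per user."""
    per_user = defaultdict(Counter)
    for entry in entries:
        kind = classify(entry)
        if kind:
            per_user[entry.get("principalName", "<unknown>")][kind] += 1
    return {user: dict(counts) for user, counts in per_user.items()}

def downloaded_docs(entries, user):
    """Sorted document ids the user fetched without declaring a view."""
    return sorted({e["docUUID"] for e in entries
                   if e.get("principalName") == user and classify(e) == "download"})

if __name__ == "__main__":
    print(summarize(SAMPLE_ENTRIES))
    print(downloaded_docs(SAMPLE_ENTRIES, "bob"))
```

      Because the reason is declared by the client, the view count is best read as what clients reported rather than as proof that no copy was kept.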
