Auditing
NB: Above diagram is a first draft. Please comment if it needs amending.
All necessary actions on the system must be audited. If users need to query or report on events, they will do so from the Audit Service. The audit action must also happen asynchronously.
Example Actions That Will be Audited
- Administrator creates a role
- Administrator updates a role
- Administrator deletes a role
- A call is created (Action is "Create Call")
- Administrator Deletes a Call (Action is "Delete Call")
- Administrator moves a call from Local Storage to Local Storage (Action is "Admin Move Call")
- The System moves a call from Local Storage to Local Storage (Action is "Move Call")
- The System moves a call from AWS S3 to Azure Hot Storage (Action is "Move Call to Hot")
- The System moves a call from Azure Hot Storage to Azure Cold Storage (Action is "Move Call to Cold")
- The System moves a call from Azure Cold Storage to Azure Hot Storage (Action is "Move Call from Cold")
- System User Suppresses audio for their call (Action is "Suppress Audio")
- System User performs a search on call metadata (Action is "Search Metadata")
- System User performs a search on a call transcription (Action is "Search Transcription")
Example Queries that Will be Searched
- Show me all the actions that User Kirill performed.
- Show me all the users that searched for (transcription.BeginsWith="Hello")
- Show me all the users that were disabled between January and February 2018
- Show me when a call was moved to cheaper storage.
DB Schema
Column | Mandatory | Details |
---|---|---|
Id | Yes | Unique Id (GUID) of this entry |
TimeStamp | Yes | When the action was performed (UTC) |
TenantId | Yes | ID of the tenant it was performed on |
User | Yes | GUID of the user who performed the action. Can be an action that the system performed - Will the system have a GUID? |
Action | Yes | What action was performed |
ObjectId | No | GUID of the object that the action was performed on. eg: CallId, RoleId |
CausationEventID | Yes(?) | ????? |
Detail | No | Depending on the action this will contain some information about the action. e.g. name of the Role that was created; search criteria |
Status | Yes | 1 = Success; 2 = Failure |
Failure Detail | No | If Status was 2 - Why did it fail? eg: Insufficient Permissions |
Actions
As parts of the system have already been developed, once the architecture has been finalised, the BA team will create stories for all of the past actions to be audited. The search functionality may not be delivered as part of September MVP.
Example:
User Story
As a developer
I want to audit that a role has been created
So that it meets the criteria for actions that require auditing
Acceptance Criteria
- Appropriate response is returned if action was audited
- Appropriate response is returned if action was not audited
- Audit data includes:
  - Timestamp - The date and time when the action was carried out. Please note that as auditing is asynchronous this is not the time of the audit.
  - TenantID - This is the Tenant ID of the Tenant that created the role.
  - User - The GUID of the User who is creating the role
  - Action - "Create Role" (Or do we use the Event Store event?)
  - ObjectId - The GUID of the new role that is created
  - CausationEventId - This is the identifier of the actual event in EventStore
  - Detail - The name of the new role that is being created
  - Status - The result of the Action. 1 = Success; 2 = Failure
  - Failure Detail
    - Insufficient Permissions
    - Role already exists
    - Invalid characters in Role name
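The DB Schema table and the Create Role acceptance criteria above, worked through as an added Python example (not the project's own code): it maps one event to an audit row, enforces the mandatory columns and the Status / Failure Detail rule, and keys rows so a redelivered event does not create a second entry. The event dict shape, the metadata key names, the Id derived from the event id, and treating CausationEventId as mandatory are assumptions.

```python
import uuid
from datetime import datetime, timezone

SUCCESS, FAILURE = 1, 2  # Status codes from the schema table
# CausationEventId is treated as mandatory here (the table marks it "Yes(?)").
MANDATORY = ("Id", "TimeStamp", "TenantId", "User", "Action", "CausationEventId", "Status")

def validate(rec):
    """Reject rows that break the rules in the schema table."""
    missing = [c for c in MANDATORY if not rec.get(c)]
    if missing:
        raise ValueError(f"missing mandatory columns: {missing}")
    for col in ("Id", "User", "ObjectId"):  # columns the table types as GUID
        if rec.get(col) is not None:
            uuid.UUID(rec[col])  # raises ValueError if not a GUID
    if rec["Status"] != FAILURE and (rec["Status"] != SUCCESS or rec.get("FailureDetail")):
        raise ValueError("Status must be 1 or 2, and Failure Detail needs Status 2")
    return rec

def to_audit_record(event):
    """Map one event (hypothetical dict shape) to an audit row."""
    meta = event["metadata"]
    when = datetime.fromisoformat(event["occurred_at"])
    if when.tzinfo is None:
        raise ValueError("event time needs an explicit offset to store as UTC")
    return validate({
        # Derived from the event id, so a redelivered event maps to the same Id.
        "Id": str(uuid.uuid5(uuid.NAMESPACE_URL, "audit:" + event["event_id"])),
        "TimeStamp": when.astimezone(timezone.utc).isoformat(),  # action time, UTC
        "TenantId": meta.get("tenant_id"),
        "User": meta.get("initiator"),
        "Action": meta.get("action"),
        "ObjectId": meta.get("entity_id"),
        "CausationEventId": event["event_id"],
        "Detail": meta.get("detail"),
        "Status": FAILURE if meta.get("failure") else SUCCESS,
        "FailureDetail": meta.get("failure"),
    })

def project(events):
    """Store keyed by Id: a replayed event overwrites its row, never duplicates."""
    return {r["Id"]: r for r in map(to_audit_record, events)}

# Constructed sample: a "Create Role" attempt rejected by the permission check.
SAMPLE = {"event_id": "0f8fad5b-d9cb-469f-a165-70867728950e",
    "occurred_at": "2018-02-01T10:15:00+01:00", "metadata": {
    "tenant_id": "tenant-a", "initiator": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
    "action": "Create Role", "entity_id": "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
    "detail": "Supervisors", "failure": "Insufficient Permissions"}}
```

An event that lacks the initiator or tenant is rejected rather than stored as an unattributable row, which is the case the "action was not audited" acceptance criterion has to report.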
Plan
Given the business requirements and suggested approach I think we overestimated this feature. In my view, estimation should be reduced to M/M+.
- Audit service. Service responsible for reading the Audit stream and creating its projection in Elasticsearch
- AuditSubscriber - service itself
- Event Store projection that will copy events to the audit streams
- DevOps: start Event Store with custom projections
- Audit API. Basic API to retrieve audit events
- Extend commands event metadata and put there fields needed for the audit (initiator, entityID, etc)
- Generate audit events for auth operations (login/logout, permission validation failures on API Gateway, etc)
This plan doesn't include UI for the audit. I guess it can be moved to a separate feature and estimated at something like M itself, since it would require a lot of mappings and parsing depending on the event type.
Event list to be tracked
Media Added
Media Stream Ended
Call Ended
Call Started
Call Processed
Transcription Ready
Call Suppression Changed
Call Record State Changed
Device Added
Device Updated
Device Deleted
Agent Added
Agent Updated
Agent Deleted
Call Realtime Subscribed
Call Realtime Unsubscribed
Compose File
Index Metadata
Check For Duplicate
Retain Call
Discard Call
Metadata Indexed
File Composed
Add Claims Map
Add Role
Add Role Permissions
Add User
Assign Role
Delete Claims Map
Delete Role
Delete Role Permissions
Unassign Role
Update Claims Map
Update Role
Update User
Lock Call
Unlock Call
Create Annotation Header
Update Annotation Header
Delete Annotation Header
Create Annotation
Update Annotation
Delete Annotation
Call Record State Changed
Call Suppression Changed
Call Realtime Subscribed
Call Realtime Unsubscribed
Device Realtime Subscribed
Device Realtime Unsubscribed
Export Metadata
Export Media
Search
Annotation Header Create
Annotation Header Update
Annotation Header Delete
Collector Added
Collector Updated
Collector Deleted
Device auto-provisioned
Device discovered
Annotation Value Added
Annotation Value Updated
Annotation Value Deleted
Lock Call
Unlock Call
Admin: Remove all locks
Add Role
Add Role Permissions
Assign Role
Delete Role
Delete Role Permissions
Unassign Role
Update Role
Device Added
Device Updated
Device Deleted
Agent Added
Agent Updated
Agent Deleted
Add User
Update User
Add Claims Map
Delete Claims Map
Update Claims Map
Index Metadata
Metadata Indexed
Transcription Ready
Media Stream Ended
Compose File
File Composed
Check For Duplicate
- CreateDevice (Action is "")
- UpdateDevice (Action is "")
- DeleteDevice (Action is "")
- CreateAgent (Action is "")
- UpdateAgent (Action is "")
- DeleteAgent (Action is "")
Collector:
- CreateCollector
- UpdateCollector
- DeleteCollector
- Call created (Action is "Create Call")
- Administrator Deletes a call (Action is "")
- Administrator moves a call from Local Storage to Local Storage (Action is "Admin Move Call")
- The System moves a call from Local Storage to Local Storage (Action is "Move Call")
- The System moves a call from AWS S3 to Azure Hot Storage (Action is "Move Call to Hot")
- The System moves a call from Azure Hot Storage to Azure Cold Storage (Action is "Move Call to Cold")
- The System moves a call from Azure Cold Storage to Azure Hot Storage (Action is "Move Call from Cold")
- CallSuppression (Action is "")
- RecordOnDemand (Action is "")
- System User performs a search on call metadata (Action is "Search Metadata")
- System User performs a search on a call transcription (Action is "Search Transcription")
- Lock call (unable to delete call after that) (Action is "Lock Call")
- Unlock call (able to delete call after that) (Action is "Unlock Call")
- CreateRole (Action is "Create Role")
- UpdateRole (Action is "Update Role")
- DeleteRole (Action is "Delete Role")
- AddPermissionToRole (Action is "")
- RemovePermissionFromRole (Action is "")
- AddLicense (Action is "")
- UpdateLicense (Action is "")
Annotation Header
- Create annotation header
- Update annotation header
- Delete annotation header (disable annotation header)
Annotation
- Create annotation
- Update annotation
- Delete annotation
Questions
- James Ratcliffe, we need a list of all events we need to track in the system