Search the Community
Showing results for tags 'auditing'.
Hi, Recently I noticed that when removing a password list all associated audit log records are also deleted. My opinion is: - An Audit log should be append only. I understand that at some point it might get truncated. - The message currently being displayed when deleting a password list is not making clear the audit log is being deleted as well. I understand that "all related records" is very broad, but in my experience users don't expect audit logs to be deleted. - I will also raise a recycle bin feature request (if not already present). A recycle bin could help if can only be 'cleared' by passwordstate admins. Valentijn
Hello, I tried to see if this issue has already been brought up but did not find anything. It has been brought to my attention, the following scenario: A user browses a website, lets say "https://portal.office.com" where they have a password entry saved in their private password list. We also have a high number of shared passwords that have the same URL. When the user browses "https://portal.office.com" the auditing log shows that the user "retrieved password" for every password we have in the database using that URL. I feel that this process should be revised (assuming it has not been yet as we have yet to update to the latest version). There shouldn't be an audit entry stating that the password was retrieved unless it was actually pulled and used. Maybe pull a list of titles/usernames and audit that but not the actual password unless it is intended to be used by the end user. This fills up the auditing log and could cause for some confusion when a user is showing tons of password pulls when they did not intentionally do so. Has anyone else run into this? Thank you.