bcgov / platform-services-registry

Platform services OCP project registry
https://registry.developer.gov.bc.ca/
Apache License 2.0

History - User permission audit logs #2598

Open ThibaultBC opened 7 months ago

ThibaultBC commented 7 months ago

As a Ministry Team, I want a user permission audit trail, so that I can see logs of permissions granted and removed in the past for audit and investigation purposes.

Context: Requested by AG, as they are being audited on this regularly. The current state doesn't allow us to follow added and removed users, which can lead to gaps in understanding past permissions and doesn't allow full transparency.

Acceptance Criteria:

  1. On the History Tab of a project set, add a log line for each permission-related action, including the name of the user performing the action, the name of the user receiving or losing permission, the permission in question, and a time and date stamp, including Year, Month, Day, Hours, Minute, Timezone 3 letters (i.e. PST).
  2. Add a "Roles" Filter at the top of the list under the "History" Tab, enabling users to look only at permission changes.
  3. Add a "Project details" (suggestions welcome for that name) Tab, allowing users to look exclusively at project edition logs (i.e. filtering out permission logs).
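
One way to produce the log lines and the two views described in the acceptance criteria, as an added example that is not part of the issue or the registry's own code. The function names, role names, users and the America/Vancouver display zone are assumptions.

```javascript
// Added example; every name below is hypothetical, not the registry's code.
const stampFormat = new Intl.DateTimeFormat('en-US', {
  timeZone: 'America/Vancouver', // assumed display zone, yields PST or PDT
  year: 'numeric', month: '2-digit', day: '2-digit',
  hour: '2-digit', minute: '2-digit', hourCycle: 'h23', timeZoneName: 'short',
});

// Year, month, day, hours, minutes and the short zone name, per criterion 1.
function formatStamp(date) {
  const p = Object.fromEntries(
    stampFormat.formatToParts(date).map(({ type, value }) => [type, value]));
  return `${p.year}-${p.month}-${p.day} ${p.hour}:${p.minute} ${p.timeZoneName}`;
}

// Compare role membership before and after a save ({ role: [user, ...] })
// and emit one entry per permission granted or removed.
function diffPermissions(before, after, actor, at) {
  const entries = [];
  const roles = new Set([...Object.keys(before), ...Object.keys(after)]);
  for (const permission of [...roles].sort()) {
    const had = new Set(before[permission] ?? []);
    const has = new Set(after[permission] ?? []);
    const record = (action, target) => entries.push({
      category: 'ROLES', action, actor, target, permission,
      timestamp: formatStamp(at),
    });
    for (const user of has) if (!had.has(user)) record('GRANTED', user);
    for (const user of had) if (!has.has(user)) record('REMOVED', user);
  }
  return entries;
}

// 'ROLES' keeps permission changes only; 'DETAILS' keeps everything else.
function filterHistory(history, view) {
  return history.filter((e) => (e.category === 'ROLES') === (view === 'ROLES'));
}

// Constructed sample data: one project edit plus one save that changes roles.
const savedAt = new Date('2025-01-15T17:30:00Z');
const history = [
  { category: 'DETAILS', action: 'EDITED', actor: 'admin@example.com',
    timestamp: formatStamp(savedAt) },
  ...diffPermissions(
    { editor: ['a@example.com'], viewer: ['b@example.com'] },
    { editor: ['a@example.com', 'c@example.com'], viewer: [] },
    'admin@example.com', savedAt),
];
console.log(filterHistory(history, 'ROLES'));
```

Only changes saved through the application pass through a function like this; users added or removed directly in Keycloak would not appear in its output.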

ThibaultBC commented 6 months ago

Not the ultimate audit trail, because it's possible to add/remove users in Keycloak. Consider the Keycloak audit trail as an addition.

Iryna-Kaplun commented 3 weeks ago

Thibault's comment from Oct 29, 2024:

Well yes, the need still exists. I can understand it doesn't take priority over some other items, but I think that's a good addition and, to be confirmed, might also be an improvement for private cloud too.

This is about security and the ability to track if someone was granted permission, by whom, even for a short time, to try and investigate potential breaches etc.

This would be a good discussion to have to understand if there's a need in Private cloud too. I'd suggest talking about it with Nick.