Track and audit all user operations in processes, ensuring traceability, compliance, and efficient troubleshooting.
User Problem
Currently, the meaningful audit log is missing in Operate to provide visibility into process Operations performed by users. A simple operations panel is available, which is quite limited - operations visibility is limited to one user, and the information about operations is very limited.
Also, there is no information about process operations performed in a specific process instance. This creates broken instance history without explanation what happened and why (e.g. how and why the instance was modified).
Meaningful audit logs and tracking the history of user operations in Operate are essential for auditing, troubleshooting, and traceability. Customers are unable to identify who performed specific actions, leading to difficulties in understanding and resolving issues in their processes.
The type of action we ran into the problem with: someone moved a proccess instance from one node to another in Operate. We could not identify who did this or when it happened. It affected another teams task processing as the user had moved process along to skip the user teams user task. We would need to be able to audit when this happens and who is doing such actions so we can understand they reasons behind their actions ~ One of the customers
Release Notes
In this latest release, Camunda introduces a robust audit log for User Operations, enhancing operations engineers' capabilities to monitor and audit user activities. This feature ensures accurate tracking of user operations, guaranteeing compliance to established standards and regulations. With detailed audit logs at their disposal, Camunda 8 Operate equips operators, developers, and management alike with valuable insights to swiftly identify and address issues, elevating the efficiency of business operations.
User Stories
As an Operations Engineer, I can understand:
which user performed an operation in Operate
which operation was performed
when the operation was performed
(batch operations) which entities (process instances | Process Definition) were involved
which changes were made
As the Operations Engineer, I can:
Explore the global audit log of user operations
Check operations applied to a specific process instance in the process instance view
Check operations applied to a specific decision definition instance in the decision instance view
Check batch operations in the global audit log and all instances affected by batch operation (As instance X was part of the batch operation Y, I can check in instance X details that there was batch operation Y applied to this instance)
As an Operations Engineer, I can add annotation/comment to process operations that I apply or applied to explain why I did that
Annotations can be added after the operation has been applied (in global and instance audit log), not when applying operation
All users can see all annotations
All users can add annotations to all operations
Only one annotation can be added
As an Operations Engineer, I can filter and search the global audit log by:
The user who performed the operation
By date-time the operation occurred
Operation type
Definition and instance id
Definition name
Implementation Notes
Operations Log represents only operations applied by users in Operate UI (not via Zeebe API)
Each request towards Operate should be logged with something like:
User id: 'xyz', operation: 'set-variable', payload '{"scopeKey": 123123123123, "variables":{"myvar": "myVal"}}' or something similar. Customers could use this to stream to Splunk; they would get a complete audit log in their system
User Operations to reflect in the UI:
Process Instance Modification (batch and single)
Process Instance Migration (batch and single)
Retry
Variable modification\/addition
Cancel Instance
Delete instance (global audit log)
For the variable change, we should show what was the old and new value
Users with read and write permissions should have access to audit log
Audit log can be seen by all users who have access to operate for operations performed by all users who applied process operations in operate
Audit log entries should be available as long as the associated entity (e.g. process instance)
Value Proposition Statement
Track and audit all user operations in processes, ensuring traceability, compliance, and efficient troubleshooting.
User Problem
Currently, the meaningful audit log is missing in Operate to provide visibility into process Operations performed by users. A simple operations panel is available, which is quite limited - operations visibility is limited to one user, and the information about operations is very limited.
Also, there is no information about process operations performed in a specific process instance. This creates broken instance history without explanation what happened and why (e.g. how and why the instance was modified).
Meaningful audit logs and tracking the history of user operations in Operate are essential for auditing, troubleshooting, and traceability. Customers are unable to identify who performed specific actions, leading to difficulties in understanding and resolving issues in their processes.
Release Notes
In this latest release, Camunda introduces a robust audit log for User Operations, enhancing operations engineers' capabilities to monitor and audit user activities. This feature ensures accurate tracking of user operations, guaranteeing compliance to established standards and regulations. With detailed audit logs at their disposal, Camunda 8 Operate equips operators, developers, and management alike with valuable insights to swiftly identify and address issues, elevating the efficiency of business operations.
User Stories
As an Operations Engineer, I can understand:
As the Operations Engineer, I can:
As an Operations Engineer, I can add annotation/comment to process operations that I apply or applied to explain why I did that
As an Operations Engineer, I can filter and search the global audit log by:
Implementation Notes
Operations Log represents only operations applied by users in Operate UI (not via Zeebe API)
Each request towards Operate should be logged with something like:
User id: 'xyz', operation: 'set-variable', payload '{"scopeKey": 123123123123, "variables":{"myvar": "myVal"}}'
or something similar. Customers could use this to stream to Splunk; they would get a complete audit log in their systemUser Operations to reflect in the UI:
For the variable change, we should show what was the old and new value
Users with read and write permissions should have access to audit log
Audit log can be seen by all users who have access to operate for operations performed by all users who applied process operations in operate
Audit log entries should be available as long as the associated entity (e.g. process instance)
Camunda 7 User Operation log
Camunda 7 - Auditing of Cockpit Operations
:robot: This issue is automatically synced from: source