[Technical Support Request] Implement proper attribution on the Reveal System

[AngelaKabari]

What is the nature of this Technical Support Request? Please describe the need/requirement in detail.

At the moment, it is not possible to know who made changes to the Reveal Thailand server environment because we:

1. Share common credentials to the Reveal production environment.
2. Access the server from a VPN so we cannot tell which IP address any changes emanate from.

This prevents us from being able to properly attribute changes to the production environment, which poses a risk.

Describe the solution you'd like

Have a clear way of knowing who accessed the production environment, the organisation they came from as well as the date and time that the changes were made.

Describe alternatives you've considered

The above can be accomplished by:

• DVBD issuing the project team with organisation specific (CHAI, Biophics and Ona) credentials to allow for proper attribution going forward.
• The installation of an auditing tool on the server to log details on server access and file changes.

Additional context

This has arisen from the following linked issues:

• https://github.com/onaio/Reveal-Thailand/issues/15
• https://github.com/onaio/infrastructure/issues/6286

[AngelaKabari]

Closing this issue as it has been overtaken by events and the project has come to an end.