User management logging

To my knowledge there is no dedicated user access audit log.

However, we are often logging applicationId (as part of the logging context) which will contain the userId if user based authorization is used.
For example, see applicationId: "e6c6460c-6b8a-467c-8c6a-d8e40b1a8cef-alice-user" in the log line below:

07:31:21.402 [sandbox-akka.actor.default-dispatcher-9] INFO c.d.p.a.s.ApiSubmissionService - Submitting transaction , context: {participantId: “sandbox-participant”, commands: {readAs: , deduplicationPeriod: {duration: “PT30M”}, submittedAt: “2022-04-08T07:29:30.897957Z”, ledgerId: “sandbox-server”, applicationId: “e6c6460c-6b8a-467c-8c6a-d8e40b1a8cef-alice-user”, submissionId: “13e315fc-d66b-42a3-b54b-f94481722c92”, actAs: [“alice-party”], commandId: “-86b3682a-bdf5-4f00-a064-2294aba213ae”, workflowId: “workflowId”}}

Also, we are logging all changes to persisted user state, at info level. For example:

07:36:51.113 [daml.index.db.threadpool.connection.api-server-0] INFO c.d.p.u.PersistentUserManagementStore - Granted 1 user rights to user 79c64b59-0a4e-4565-acac-37f5377d7257-alice-user: CanActAs(b8f75500-b76a-44aa-a996-8f474d1ec48e) , context: {participantId: “sandbox-participant”, submissionId: “3d431421-7858-4330-a481-fae1d65f25ec”}

1 Like