Version 1

    Background

    An enhancement to the Delegate Access addon was recently released which introduced additional audit log information tied to delegate posting.

    After further internal discussion and conversations with customers, we've altered the logging to focus on the ID of the Appointee Content and the delegate author who published that content.

     

    Changes to Audit Logging

    To focus and clarify the audit log entries generated by Delegate Content usage, a change has been introduced that ensures the two most critical pieces of information from an auditor's perspective are contained in a single log entry.

     

    With this change, users who are reviewing the audit log to identify normal or inappropriate usage of the Delegate Access addon can look for entries matching the following pattern:

     

    The entry includes the time of publish, the username of the Delegate Author and the API path for the content item posted, including its content ID. The entries can easily be identified by the "impersonating user" text at the start of the description or by the "Delegate Access App" user listing.

     

    Example Use Case

    The process for identifying the Delegate Author for a piece of content might look like the following:

    1. Open the piece of content that needs investigation.
    2. Append "/api/v3" to the end of the content URL and navigate to the updated address.
    3. Find "/api/core/v3/contents/" in the data that loads and make note of the ID number that follows (e.g. /api/core/v3/contents/1019).
    4. Open the audit log viewer in the admin console or the output of a query to the audit log table.
    5. Search for an entry that contains the ID number pulled from step 3. Filtering on a time range that includes the target content item's publish date/time makes this easier.
    6. Make note of the Username that accompanies the entry in the audit log. This is the Delegate Author for that ghost published content.
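
    Steps 4 to 6 can also be run as a single query. The following is an added example, not part of the original page or the addon: it reuses the filters from the query under "Accompanying SQL Query" and assumes PostgreSQL and a description of the form "impersonating user <username> for GET /core/v3/contents/<id>" (inferred from that query's replace() calls); the time window is a constructed sample value. It compares the extracted content ID exactly, so a search for 1019 does not also match 10190.

```sql
-- Added example, not the addon's own code.
-- Assumption: description looks like
--   impersonating user <username> for GET /core/v3/contents/<id>
WITH params AS (
    SELECT 1019::bigint AS content_id,                            -- ID noted in step 3
           TIMESTAMPTZ '2024-01-15 00:00:00+00' AS window_start,  -- constructed sample window
           TIMESTAMPTZ '2024-01-16 00:00:00+00' AS window_end     -- around the publish date/time
),
delegate_entries AS (
    SELECT auditmessageid,
           -- audit log stores epoch milliseconds
           TIMESTAMP WITH TIME ZONE 'epoch' + timestamp * interval '1 millisecond' AS publish_time,
           -- pull the numeric content ID out of the API path
           substring(description from '/core/v3/contents/([0-9]+)')::bigint AS content_id,
           -- pull the username that follows "impersonating user" (assumed to contain no spaces)
           substring(description from 'impersonating user[[:space:]]*([^[:space:]]+)') AS delegate_author,
           description
    FROM jiveauditlog
    -- same filters as the page's query
    WHERE details LIKE '%a3bac8a7-5360-4616-9f07-215b7f484753%'
      AND description LIKE '%GET%'
)
SELECT e.publish_time,
       e.delegate_author,
       e.content_id,
       e.description            -- raw entry kept for the auditor to verify the extraction
FROM delegate_entries e
JOIN params p ON e.content_id = p.content_id   -- exact ID match, not a substring match
WHERE e.publish_time >= p.window_start
  AND e.publish_time <  p.window_end
ORDER BY e.auditmessageid DESC;
```

    If delegate_author comes back NULL for a matching row, the description does not follow the assumed form; read the raw description column instead.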

     

    Accompanying SQL Query

    The following query returns only the log entries showing who was the Delegate Author and the ID for the Appointee Content item. The query also makes adjustments to the initial audit log entries to make them more immediately human readable.

     

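    -- Convert the epoch-millisecond timestamp into a readable publish time.
    SELECT TIMESTAMP WITH TIME ZONE 'epoch' + timestamp * interval '1 millisecond' AS PublishTime,
           -- Rewrite the raw description into a more readable sentence.
           replace(replace(replace(description,'/core/v3/','api/core/v3/'),'for GET','ghost authored content:'),'impersonating user','User ') AS DelegateAction
    FROM jiveauditlog
    -- Return only the entries that show the Delegate Author and the Appointee Content ID.
    WHERE details LIKE '%a3bac8a7-5360-4616-9f07-215b7f484753%'
      AND description LIKE '%GET%'
    -- Newest entries first.
    ORDER BY auditmessageid DESC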

     

    This query produces output like the following:

     

    Glossary of Terms

    Appointee Author - The user who has content published on their behalf by another user account, using the Delegate Access addon.

    Delegate (Ghost) Author - The user who publishes content as another user using the Delegate Access addon.

    Ghost Content - The content which is initially created as the source material for the content published by the Delegate Author for the Appointee Author.

    Appointee Content - The content which is the output of the Delegate Access post performed by the Delegate Author. The author of the Appointee Content will be displayed as the Appointee Author in the Jive UI.