
Overview

OpenCGA 2.0.0 implements several improvements in the Audit component. Now, all operations in OpenCGA are audited.

How the audit works

OpenCGA audits every action a user performs, covering not only queries but also any modification of the data. Each Audit Record also states whether the operation completed successfully. If it did not, OpenCGA records the reason, including the error message.

Audit Records are currently stored in a separate "audit" collection in MongoDB, alongside the other OpenCGA Catalog collections. In version 2.1, we will support queries to the audit collection so administrators can filter by any of the fields described below.

Additionally, in future releases, we will support storing Audit Records in different auditing solutions.

Audit Record data model

The full audit data model can be checked at Audit Record.

| Field | Description |
|---|---|
| id | Unique Audit Record id. Timestamp based. |
| operationId | Timestamp based id. Some web service operations require more than one suboperation. In those cases, OpenCGA will generate as many Audit Records as necessary but they will all share the same operation id. |
| userId | User carrying out the operation. |
| apiVersion | OpenCGA version running when the operation was performed. |
| action | Action being performed by the user. One of: CREATE, UPDATE, INFO, SEARCH, COUNT, DELETE, DOWNLOAD, INDEX, CHANGE_PERMISSION, LOGIN... See the full list here. |
| resource | Involved resource. One of: USER, PROJECT, STUDY, SAMPLE, FILE, COHORT, INDIVIDUAL, FAMILY, JOB, PANEL, CLINICAL, INTERPRETATION, VARIANT, ALIGNMENT, CATALOG. |
| resourceId | Involved resource id. Only filled in when possible. Example: A SEARCH action will never have an associated resource id but an INFO action will involve a particular resource id. |
| resourceUuid | Involved resource uuid. Only filled in when possible. Example: A SEARCH action will never have an associated resource id but an INFO action will involve a particular resource uuid. |
| studyId | Involved study id. It is not filled in when the resource is either USER, PROJECT or CATALOG. |
| studyUuid | Involved study uuid. It is not filled in when the resource is either USER, PROJECT or CATALOG. |
| params | All the query parameters sent by the user that are necessary to perform the action required. |
| status | SUCCESS or ERROR. In case of ERROR, it will also contain an error code as well as an error description. |
| date | Date when the Audit Record was generated. |
| attributes | Any additional information that might be of interest and not covered in the rest of the fields. |
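
The following Python example is added here and is not OpenCGA code. It shows how an administrator could review exported Audit Records using the fields above: grouping suboperations by operationId to find operations that partly or wholly failed, and counting failed LOGIN actions per userId. The nested layout of status (name, error.code, error.description), the function names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

def _rec(rid, op, user, action, resource, resource_id=None, error=None):
    """Build a constructed Audit Record; the nested "status" layout is assumed."""
    status = {"name": "ERROR", "error": error} if error else {"name": "SUCCESS"}
    return {"id": rid, "operationId": op, "userId": user, "action": action,
            "resource": resource, "resourceId": resource_id, "status": status}

BAD_PW = {"code": 1, "description": "bad password"}  # constructed error values
# Constructed sample records, not real OpenCGA output.
SAMPLE_RECORDS = [
    _rec("a1", "op1", "alice", "LOGIN", "USER"),
    _rec("a2", "op2", "bob", "LOGIN", "USER", error=BAD_PW),
    _rec("a3", "op3", "bob", "LOGIN", "USER", error=BAD_PW),
    _rec("a4", "op4", "bob", "LOGIN", "USER", error=BAD_PW),
    # One web service call that produced two suboperations sharing op5.
    _rec("a5", "op5", "alice", "DELETE", "SAMPLE", "s1"),
    _rec("a6", "op5", "alice", "DELETE", "SAMPLE", "s2",
         error={"code": 2, "description": "permission denied"}),
]

def failed_operations(records):
    """Group by operationId; return operations with at least one ERROR record."""
    by_op = defaultdict(list)
    for rec in records:
        by_op[rec["operationId"]].append(rec)
    report = {}
    for op_id, recs in by_op.items():
        errors = [(r["id"], r["action"], r["resource"], r["resourceId"],
                   r["status"]["error"]["description"])
                  for r in recs if r["status"]["name"] == "ERROR"]
        if errors:
            report[op_id] = {"userId": recs[0]["userId"],
                             "records": len(recs), "errors": errors}
    return report

def failed_logins(records, threshold=3):
    """Return users with at least `threshold` LOGIN records in ERROR status."""
    counts = defaultdict(int)
    for rec in records:
        if rec["action"] == "LOGIN" and rec["status"]["name"] == "ERROR":
            counts[rec["userId"]] += 1
    return {user: n for user, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(failed_logins(SAMPLE_RECORDS))
    for op_id, info in failed_operations(SAMPLE_RECORDS).items():
        print(op_id, info)
```
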