
Status Future consideration
Workspace UrbanCode
Categories Deploy
Created by Guest
Created on Jan 17, 2022

Urbancode Deploy Roles Permission Changes - Audit Report with Differences

Hi Team,


We would like to have a before & after date report for any changes to different UCD roles made by admins etc.

This is in case somebody accidentally makes any changes (as it's only a checkbox tick), so we can keep track that no extra permissions have been given to any roles recently (Developer, QA, Configurator etc. roles of UCD). This way we can do a monthly/quarterly audit of permission changes.

The idea is to have a comparison of all UCD role permissions at once in a single report and provide any changes that were made during the date range and who made those changes.


This is only for the roles page here, generally managed by the admins:

https://localhost:8443/#security/roles/create


Thanks.



Update (March 12th, 2023) - The script provided through the comment link doesn't work well for the custom types of any objects. The idea is to see the changes made, similar to how UCD provides changes on components, applications, their properties etc. Customers should not be required to run a script to get the changes every few weeks. The bigger idea here is to know this for audit reasons, as any team would have 3-4 core admins of the tool and we don't want anybody accidentally checking the box to enable something. Running a script for this isn't the right solution. This should be more on the UI itself. Please consider this feature, considering audit is a must-have feature for an enterprise tool.


Idea priority Urgent
  • Admin
    Osman Burucu
    Mar 24, 2023

    A Blog/Article/Technote/Whitepaper will be created (in the next few weeks) to describe how to compare permission changes.

  • Admin
    Osman Burucu
    Mar 23, 2023

    Thank you for your feedback.

  • Guest
    Mar 17, 2023

    Yes, please check and let us know.

    As the audit log captures everything, it's difficult to filter information there. It's also one of the biggest tables in UCD, so unless there is some major issue we don't use the audit tab. We are looking to compare just permission changes, similar to how environment inventories can be compared. This is so somebody can, on a regular basis, keep checking that no extra permission was accidentally enabled.


    I do remember running this script from the link and it did not work well for the custom object types (Prod environment, Dev environment or agents etc.). It works very well for the standard object types only.

  • Admin
    Osman Burucu
    Mar 16, 2023

    All changes to roles and permissions are written into the audit log, which can then be filtered for them and checked. The permission settings do not retain any other type of history.

    The mentioned article (https://community.ibm.com/community/user/wasdevops/blogs/ibm-ibm-devops-expert/2022/05/09/urbancode-deploy-10-minute-tip-documenting-the-per) provides a framework and can surely be expanded to your needs.

    I will check with development for more input.


  • Guest
    Mar 13, 2023

    Update (March 12th, 2023) - The script provided through the comment link doesn't work well for the custom types of any objects. The idea is to see the changes made, similar to how UCD provides changes on components, applications, their properties etc. Customers should not be required to run a script to get the changes every few weeks. The bigger idea here is to know this for audit reasons, as any team would have 3-4 core admins of the tool and we don't want anybody accidentally checking the box to enable something. Running a script for this isn't the right solution. This should be more on the UI itself. Please consider this feature, considering audit is a must-have feature for an enterprise tool.


  • Admin
    Osman Burucu
    Feb 4, 2022

    Thank you for providing your idea for enhancing UCD.

    Actually, UCD provides the means to list the permissions. Please have a look at this article, which could help you to build your own solution based on it:

    https://community.ibm.com/community/user/wasdevops/blogs/laurel-dickson-bull1/2020/12/16/urbancode-deploy-10-minute-tip-documenting-a-ucd-p
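Added example, not part of the thread and not the script from the linked articles: a before/after comparison of two role-permission snapshots that keys every grant by role, object type, custom type and action, so custom types such as "Prod environment" are compared alongside the standard ones. The snapshot layout, field names and action names are assumptions made for illustration, not UCD's export format.

```python
from collections import defaultdict

STANDARD = "(standard type)"  # grant not tied to a custom object type

def flatten(snapshot):
    """{role: [grant, ...]} -> set of (role, object type, custom type, action)."""
    return {
        (role, g["object_type"], g.get("custom_type") or STANDARD, g["action"])
        for role, grants in snapshot.items()
        for g in grants
    }

def diff_snapshots(before, after):
    """Per-role permissions granted and revoked between two snapshots."""
    old, new = flatten(before), flatten(after)
    report = defaultdict(lambda: {"granted": [], "revoked": []})
    for role, *grant in sorted(new - old):
        report[role]["granted"].append(tuple(grant))
    for role, *grant in sorted(old - new):
        report[role]["revoked"].append(tuple(grant))
    return dict(report)

def grant(object_type, custom_type, action):
    """Build one grant record in the assumed snapshot layout."""
    return {"object_type": object_type, "custom_type": custom_type, "action": action}

# Constructed snapshots: field names, actions and layout are assumptions,
# not UCD's export format. Role and type names are the ones used in the thread.
BEFORE = {
    "Developer": [grant("Environment", "Dev environment", "Execute"),
                  grant("Component", None, "View")],
    "QA": [grant("Environment", "Dev environment", "View")],
}
AFTER = {
    "Developer": [grant("Environment", "Dev environment", "Execute"),
                  grant("Environment", "Prod environment", "Execute"),
                  grant("Component", None, "View")],
    "QA": [],
}

if __name__ == "__main__":
    for role, changes in sorted(diff_snapshots(BEFORE, AFTER).items()):
        for kind in ("granted", "revoked"):
            for object_type, custom_type, action in changes[kind]:
                print(f"{role}: {kind} {action} on {object_type} / {custom_type}")
```

The comparison shows what changed between the two snapshot dates, not who changed it; per the thread, that attribution is recorded in the audit log.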