-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Internal Code
-
Labels:None
-
Fully Compatible
-
Security 2020-11-30, Security 2020-12-14
Currently, all audit event types are valid authorization ActionTypes. This means that audit event types can be granted as meaningless authorization rights. We should create a second set of ActionTypes for use with auditing, which contains all existing ActionTypes used for auditing purposes. All new event types shall be added exclusively to the new set. Existing audit event types in the authorization set shall not be removed, for backwards compatibility, but shall be marked as deprecated.