Allow principals to view audit trails for their agents #357

@beubax

What happened?

Audit records are currently only viewable by admins. This means an individual principal cannot inspect the actions taken by their identities/agents, even though those actions affect their own vaults, credentials, and connected apps.

As Authsome moves toward explicit users, identities, principals, and vaults, audit visibility should not be limited to global administrators only.

What did you expect?

A principal should be able to view the audit trail for actions performed by identities/agents linked to that principal. The view should show the relevant action history end-to-end, including who/what initiated the action, which provider or vault was affected, timestamps, outcomes, and enough context to understand the trail.

This should remain scoped: principals should only see audit events they are authorized to see, not global server-wide audit logs for other principals.

Steps to reproduce

  1. Perform actions as an identity/agent linked to a principal, such as login, token refresh, revoke, logout, provider configuration, or vault access.
  2. Log in or open the UI as that principal.
  3. Try to inspect the audit trail for the principal's identities/agents.
  4. Observe that audit visibility is admin-only.
  5. Add scoped audit visibility so principals can view the action trail for their own agents and resources.
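
One way to express the scoping rule requested above, as an added example that is not Authsome's code. The `AuditEvent` fields, the `Caller` type, the `identity_owner` lookup and all sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditEvent:
    timestamp: str    # ISO 8601 UTC, so string order is time order
    identity_id: str  # identity/agent that initiated the action
    action: str       # e.g. "login", "token_refresh", "revoke"
    resource: str     # provider or vault affected
    outcome: str      # "success" or "failure"

@dataclass(frozen=True)
class Caller:
    principal_id: str
    is_admin: bool = False

def visible_events(caller, events, identity_owner):
    """Return the audit events `caller` may read, oldest first.

    identity_owner maps identity_id -> owning principal_id (hypothetical
    lookup). The filter runs server-side, before any record leaves the store.
    """
    if caller.is_admin:
        allowed = list(events)
    elif not caller.principal_id:
        allowed = []  # unauthenticated or malformed caller: deny
    else:
        # Default deny: an event whose identity has no known owner maps to
        # None and therefore matches no principal.
        allowed = [e for e in events
                   if identity_owner.get(e.identity_id) == caller.principal_id]
    return sorted(allowed, key=lambda e: e.timestamp)

# Constructed sample data (not real Authsome records).
IDENTITY_OWNER = {"agent-a1": "alice", "agent-a2": "alice", "agent-b1": "bob"}
EVENTS = [
    AuditEvent("2025-01-10T09:00:00Z", "agent-a1", "login", "provider:github", "success"),
    AuditEvent("2025-01-10T09:05:00Z", "agent-b1", "token_refresh", "provider:google", "success"),
    AuditEvent("2025-01-10T09:07:00Z", "agent-a2", "vault_access", "vault:alice-default", "failure"),
    AuditEvent("2025-01-10T09:09:00Z", "agent-zz", "revoke", "provider:github", "success"),
]

if __name__ == "__main__":
    for e in visible_events(Caller("alice"), EVENTS, IDENTITY_OWNER):
        print(e.timestamp, e.identity_id, e.action, e.resource, e.outcome)
```

The `agent-zz` record has no owner in the lookup, so only an admin caller sees it.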