SecurityListener should be notified when an ACL check is denied. If it can be done efficiently, it should also be notified when an ACL check is granted. This would allow a listener to determine which permissions are being used by whom on what.

          [JENKINS-21402] Log/notify ACL grant or deny events

          Jesse Glick created issue -
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-20999 [ JENKINS-20999 ]

          Jesse Glick added a comment -

          I.e., logging when an AccessDeniedException is thrown (mainly from ACL.checkPermission), and/or caught at top level (ExceptionTranslationFilter.handleException).

          Jesse Glick made changes -
          Link New: This issue depends on JENKINS-20999 [ JENKINS-20999 ]
          Jesse Glick made changes -
          Link Original: This issue is related to JENKINS-20999 [ JENKINS-20999 ]
          Jesse Glick made changes -
          Labels Original: logging security New: api logging security
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 153266 ] New: JNJira + In-Review [ 178474 ]

            Unassigned Unassigned
            jglick Jesse Glick