Audit events

DotID records an audit event for every write operation performed through the platform. Events are stored by the audit service and can be viewed in TraceBook (console.flexgalaxy.com/tracebook/).

Each audit event contains:

  • accountId — the account the operation was scoped to. What this identifies depends on the eventSource (target account, organization management account, or organization ID); each section below states it, so filter and correlate per source rather than treating the field as one namespace

  • eventSource — the service namespace (for example iam, organizations)

  • eventName — the specific operation (for example CreateUser)

  • actorId — the Keycloak sub of the user who performed the operation

  • details — key/value metadata about the operation

Account lifecycle

Events recorded by AccountController. The accountId field is the UUID of the target account itself.

  Event name                     Source           Details
  CreateAccount                  accounts         accountName
  UpdateAccount                  accounts         accountName
  CloseAccount                   accounts         accountName, cancellationWindowDays
  ReopenAccount                  accounts         accountName
  DeleteAccount                  accounts         accountName
  UpdateAccountStatus            accounts         accountName, newStatus
  ProvisionMemberAccount         accounts         email, accountName

Organization management

Events recorded by OrganizationController and OrganizationService. The accountId field is the organization's management account. Note that the accountId key inside details (the member account named in the operation) is distinct from the event's top-level accountId.

  Event name                     Source           Details
  CreateOrganization             organizations    orgName, orgId
  DeleteOrganization             organizations    orgId, orgName
  CreateOu                       organizations    orgId, ouName, parentId
  DeleteOu                       organizations    orgId, ouId
  MoveAccountToOu                organizations    orgId, accountId, targetOuId
  RemoveAccount                  organizations    orgId, accountId, accountName
  LeaveOrganization              organizations    orgId, accountId

Delegated administration

Also recorded under the organizations source.

  Event name                     Source           Details
  RegisterDelegatedAdmin         organizations    orgId, accountId, serviceName
  DeregisterDelegatedAdmin       organizations    orgId, accountId, serviceName

IAM users

Events recorded by IamUserController. The accountId field is the account the user belongs to (passed via the X-Account-Id request header).

  Event name                     Source           Details
  CreateUser                     iam              email, userId
  UpdateUser                     iam              userId
  DeleteUser                     iam              userId
  ResetUserPassword              iam              userId

Identity Center users

Events recorded by IdcUserController. IDC users are organization-level users managed through Identity Center. The accountId field is the organization's management account.

  Event name                     Source           Details
  CreateIdcUser                  identity-center  username, userId
  DeleteIdcUser                  identity-center  username, userId
  ResetIdcUserPassword           identity-center  username, userId

IAM groups

Events recorded by IamGroupController.

  Event name                     Source           Details
  CreateGroup                    iam              groupName, groupId
  UpdateGroup                    iam              groupName, groupId
  DeleteGroup                    iam              groupName, groupId
  AddGroupMember                 iam              groupName, groupId, userId
  RemoveGroupMember              iam              groupName, groupId, userId

IAM policies

Recorded by IAM policy management.

  Event name                     Source           Details
  CreatePolicy                   iam              policyName, policyId
  UpdatePolicy                   iam              policyName, policyId
  DeletePolicy                   iam              policyId
  SetDefaultPolicyVersion        iam              policyId, versionNumber
  AttachPolicy                   iam              policyId, principalId, principalType
  DetachPolicy                   iam              policyId, principalId

Permission sets

Recorded by permission set management. Permission set operations are platform-global, so do not expect the accountId field to narrow them to a single account.

  Event name                     Source           Details
  CreatePermissionSet            iam              name, permissionSetId
  UpdatePermissionSet            iam              name, permissionSetId
  DeletePermissionSet            iam              name, permissionSetId
  AttachPermissionSetPolicy      iam              permissionSetId, policyId
  DetachPermissionSetPolicy      iam              permissionSetId, policyId

Service quotas

Events recorded by ServiceQuotaService. The accountId field holds the organization ID (quotas are scoped to the organization).

  Event name                     Source           Details
  SubmitQuotaIncreaseRequest     service-quotas   quotaId, quotaName, requestedValue
  ApproveQuotaIncreaseRequest    service-quotas   requestId, quotaName, newValue
  DenyQuotaIncreaseRequest       service-quotas   requestId, reason
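As an added example (not DotID's or TraceBook's own code), the following script runs two detection rules over a constructed stream of audit events shaped like the schema above: it flags a chosen set of high-impact eventSource/eventName pairs from the tables, and it flags an actor who creates an IAM user and then attaches a policy to that same user within a short window. It also keys each finding by a per-source scope so the differing meanings of accountId (target account, management account, organization ID) are never mixed. The newline-delimited JSON export format, the sample IDs, the choice of high-risk events, and the principalType value "User" are all assumptions of this example; the page documents only the field names.

```python
"""Detection pass over DotID-style audit events (added example, not platform code)."""
from __future__ import annotations

import json
from dataclasses import dataclass

# eventSource/eventName pairs from this page that this example alerts on
# unconditionally. The selection is the example's choice, not a platform list.
HIGH_RISK = {
    ("accounts", "DeleteAccount"),
    ("organizations", "DeleteOrganization"),
    ("organizations", "RegisterDelegatedAdmin"),
    ("organizations", "LeaveOrganization"),
    ("iam", "ResetUserPassword"),
    ("iam", "SetDefaultPolicyVersion"),
    ("identity-center", "ResetIdcUserPassword"),
}

# What the top-level accountId refers to for each eventSource, per this page.
SCOPE_KIND = {
    "accounts": "target-account",
    "iam": "account",
    "organizations": "management-account",
    "identity-center": "management-account",
    "service-quotas": "organization",
}

REQUIRED = ("accountId", "eventSource", "eventName", "actorId", "details")


@dataclass(frozen=True)
class Finding:
    rule: str
    actor_id: str
    scope: str        # "<kind>:<accountId>", so scopes are never silently mixed
    event_name: str
    note: str


def parse_events(ndjson: str) -> list[dict]:
    """Parse newline-delimited JSON (assumed export format) and reject any
    record that lacks one of the five documented fields."""
    events = []
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        missing = [k for k in REQUIRED if k not in ev]
        if missing:
            raise ValueError(f"audit event missing fields {missing}: {line}")
        events.append(ev)
    return events


def scope_of(ev: dict) -> str:
    return f"{SCOPE_KIND.get(ev['eventSource'], 'unknown')}:{ev['accountId']}"


def detect(events: list[dict], window: int = 10) -> list[Finding]:
    """Rule 1: any HIGH_RISK event. Rule 2: the same actor emits CreateUser and,
    within `window` events, AttachPolicy to that new user (self-provisioned
    privileged principal)."""
    findings: list[Finding] = []
    created: dict[str, tuple[str, int]] = {}  # userId -> (actorId, position)
    for pos, ev in enumerate(events):
        key = (ev["eventSource"], ev["eventName"])
        d = ev["details"]
        if key in HIGH_RISK:
            findings.append(Finding("high-risk-event", ev["actorId"], scope_of(ev),
                                    ev["eventName"], json.dumps(d, sort_keys=True)))
        if key == ("iam", "CreateUser"):
            created[d["userId"]] = (ev["actorId"], pos)
        # principalType == "User" is an assumption; the page lists only the key.
        if key == ("iam", "AttachPolicy") and d.get("principalType") == "User":
            origin = created.get(d["principalId"])
            if origin and origin[0] == ev["actorId"] and pos - origin[1] <= window:
                findings.append(Finding(
                    "create-then-attach", ev["actorId"], scope_of(ev), ev["eventName"],
                    f"user {d['principalId']} created by same actor {pos - origin[1]} "
                    f"events earlier; attached policy {d['policyId']}"))
    return findings


# Constructed sample stream; every ID below is made up for illustration.
SAMPLE = """
{"accountId":"a1","eventSource":"iam","eventName":"CreateUser","actorId":"sub-ops","details":{"email":"bob@example.test","userId":"u-42"}}
{"accountId":"a1","eventSource":"iam","eventName":"CreatePolicy","actorId":"sub-ops","details":{"policyName":"admin-all","policyId":"p-7"}}
{"accountId":"a1","eventSource":"iam","eventName":"AttachPolicy","actorId":"sub-ops","details":{"policyId":"p-7","principalId":"u-42","principalType":"User"}}
{"accountId":"m1","eventSource":"organizations","eventName":"RegisterDelegatedAdmin","actorId":"sub-root","details":{"orgId":"o-1","accountId":"a9","serviceName":"iam"}}
{"accountId":"o-1","eventSource":"service-quotas","eventName":"SubmitQuotaIncreaseRequest","actorId":"sub-dev","details":{"quotaId":"q-3","quotaName":"users","requestedValue":500}}
"""


def run_sample() -> list[Finding]:
    return detect(parse_events(SAMPLE))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.rule:20} actor={f.actor_id:9} scope={f.scope:24} {f.event_name}: {f.note}")
```

On the sample the script reports one create-then-attach finding for sub-ops in scope account:a1 and one high-risk finding for the RegisterDelegatedAdmin event in scope management-account:m1; the quota request is not flagged. Because `detect` is pure over a list, the same function can be pointed at a real export once the record shape is confirmed against TraceBook.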

Overview

  Category                   Count   Event names
  Account lifecycle          7       Create, Update, Close, Reopen, Delete, UpdateStatus, ProvisionMember
  Organizations              7       CreateOrg, DeleteOrg, CreateOu, DeleteOu, MoveAccount, RemoveAccount, Leave
  Delegated administration   2       Register, Deregister
  IAM users                  4       Create, Update, Delete, ResetPassword
  IDC users                  3       Create, Delete, ResetPassword
  IAM groups                 5       Create, Update, Delete, AddMember, RemoveMember
  IAM policies               6       Create, Update, Delete, SetDefaultVersion, Attach, Detach
  Permission sets            5       Create, Update, Delete, AttachPolicy, DetachPolicy
  Quotas                     3       Submit, Approve, Deny
  Total                      42