Log access success and failure when external policy classification control is enabled
In highly controlled environments, it may be necessary for access policy to be controlled by an external service that permits access based on project classification and user access. In these environments it is important to log every single call to the external policy classification control service so that individual users access patterns can be analyzed.
Proposal
Each request to the service should add an entry to a dedicated log file access-control.log
(name of file tbc), even if using a cached response from the external service.
The following fields should be logged:
- user identifier
- classification
- project path