Audit Event proposal: Enable Admin Mode

Audit need

We provide the Admin mode so that instance admins can use their accounts as regular users, unless they require access to the admin panel.

Given that, "Enable admin mode" is an action which elevates permissions. It opens access to private resources or potentially dangerous settings, and therefore should be auditable.

Proposal

Emit an instance-level audit event whenever a user enables admin mode. Currently, the code only writes a debug-level log entry.

added Category:Audit Events groupcompliance typefeature labels

assigned to @stkerr

added audit_eventsuser_permissions label

added Next Up priority3 workflowplanning breakdown labels

added to epic &476

mentioned in epic &476

Setting label(s) devopsmanage sectiondev based on groupcompliance.

added devopsmanage sectiondev labels

unassigned @stkerr

removed Next Up label

added devopsgovern sectionsec labels and removed devopsmanage sectiondev labels

changed milestone to %Backlog

added groupauthentication and authorization [DEPRECATED] label and removed groupcompliance label

added devopsmanage sectiondev labels and removed devopsgovern sectionsec labels

removed priority3 label

changed milestone to %15.7

removed audit_eventsuser_permissions label

We need an ee override of Auth::CurrentUserMode#enable_admin_mode! creating a AuditEvent. I am assigning a weight of 2.

@bdenkovych, could you please review my estimation?

First, I was curious why we want to do it in ee/ then I learned that Instance events belongs to the Premium tier. So I agree it should be in ee/

Since we completely understand where and how we want to instrument new Audit Event, weighing it as 2 looks appropriate. We will also need to update documentation in https://docs.gitlab.com/ee/administration/audit_events.html#instance-events

added workflowready for development label and removed workflowplanning breakdown label

set weight to 2

added [deprecated] Accepting merge requests label

mentioned in issue gitlab-org/quality/triage-reports#9972 (closed)

added quad-planningcomplete-no-action label

marked this issue as related to #353839 (closed)

mentioned in issue #353839 (closed)

marked #353839 (closed) as a duplicate of this issue

removed [deprecated] Accepting merge requests label

mentioned in commit 7621c6d8

mentioned in commit b3bf929c

mentioned in merge request !104754 (merged)

mentioned in commit 5db2220a

mentioned in commit 410224fe

mentioned in commit 1e6dd2a2

mentioned in commit 137ebc3a

added workflowin dev label and removed workflowready for development label

mentioned in commit d5536698