The advanced setting log-permissions-info-for-usernames enables targeted logging of permission path evaluations for specified users. This feature aids in debugging permission issues and collecting required permissions for configuration and development purposes.
How to Enable
-
Log in as Admin:
Access the system with an administrative account. -
Navigate to Settings:
Go to Settings > Advanced and locate the setting log-permissions-info-for-usernames. -
Set Usernames for Logging:
Enter a comma-separated list of usernames for which permission path evaluations should be logged. Example:username1,username2. -
Save the Configuration:
Click Save to apply changes.
How It Works
-
Logging Mechanism Activation:
- Once the setting is enabled and usernames are added, the system starts logging permission path checks for the specified users.
- Logs include both V1 and V2 permission engine evaluations, ensuring comprehensive debugging information.
-
Log File:
- The system writes logs to the
permission-evaluations.logfile. - Logs include existing permissions for the specified users and the paths being evaluated during permission checks.
- The system writes logs to the
-
Testing the Configuration:
- Verify that the
permission-evaluations.logfile is initially empty. - Navigate the system with one of the configured usernames and confirm that the log file captures permission paths and evaluations.
- Switch to the V2 permissions engine and confirm logging behavior persists.
- Verify that the
Example Use Case
An administrator adds their username to the log-permissions-info-for-usernames setting to troubleshoot an issue where permissions for specific actions are not being applied correctly. By reviewing the permission-evaluations.log file, the admin identifies missing or misconfigured permissions and adjusts the setup accordingly.