Audit Logs

Add audit logs permissions to user

By default only System Admins have access to audit logs. Access to view audit logs can be granted to any user by adding the audit_logs_viewer relation between the user and organization with FGA CLI client.

You can setup the FGA CLI client locally, but a preconfigured installation is available on the krane-toolset service. These instructions will assume you are using the krane-toolset service.

Attatch to `krane-toolset`

First make sure you have kubectl installed and configured to the correct Kuberentes cluster.
Attach a terminal to krane-toolset

kubectl exec -it deploy/krane-toolset -n krane

Write FGA relationship tuple

fga tuple write user:<userId> audit_logs_viewer organization:<organizationName>

Replace <userId> and <organizationName>. The user should now have access to view the audit logs for the specified organization.

Add audit logs permissions to user​

Attatch to krane-toolset​

Write FGA relationship tuple​

Add audit logs permissions to user

Attatch to `krane-toolset`

Write FGA relationship tuple