Hi Team,
I have an query regarding “sysadmin” role which is used in tulip.
This is basically a “super user” account exists in every Tulip environment by default. With this account, can do everything. but it’s shared, it’s anonymous and not qualified as audit trail
can i know if it can be tracked? like who uses this account who made the changes etc.,
Regards,
Kasilingam
Hey @Kasilingam.samy -
Here is a quick schematic on how Tulip Employees access Tulip Instances:
Shared sysadmin credentials are only used on the right branch. These credentials are only issued through a needs-based request. These credentials expire after a set duration. In practice, this means very very few Tulip employees have access to these instances.
In all other cases, Tulip employees are logging in through Tulip SSO and are attributable to a specific individual. This is what one of those activity log entries would look like:
Hope this detail helps,
Pete
Hi Pete,
Many thanks for the response.
Actually when we are doing LTS upgrade we often use this ‘sysadmin’ credentials to check the deploy info ( using _admin after the url) which works only for “sysadmin” login. but we need to ensure who is using that account since it’s shared one. is it possible to track that?
Regards,
kasilingam
Hey @Kasilingam.samy -
Gotcha! Right now there isn’t visibility into any of the changes or activity in the _admin pages in the activity log (because this is generally an internal-only tool for Tulip).
We need to expose these pages in cases where there is simply no mechanism for us to easily access an instance (private cloud would be the most notable case).
Many of the areas where we expect changes to happen within these pages do require a note and the history of these changes is tracked, but not attributable to a specific user. I will write a feature request on your behalf to add more detailed attribution to these logs, along with potentially adding these events to the instance activity logs.
Pete
Hi Pete,
Got your info,
What if i do the changes in the app builder site for modifying the apps,tables etc., using ‘sysadmin’ account. activity logs will be captured as "sysadmin’ only. with this we cannot find who did the changes using this sysadmin credentials, correct? is there any way to find the person/from which PC he/she has made changes using this sysadmin credentials?
-Kasi