HRsGIT opened a new issue, #17933:
URL: https://github.com/apache/dolphinscheduler/issues/17933

### Search before asking

- [x] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar feature requirement.
   
   
   ### Description
   
The `org.apache.dolphinscheduler.api.controller.AuditLogController.queryAuditLogListPaging` currently allows any authenticated regular user to view all system-wide audit logs. This includes sensitive activity logs generated by the admin user and other high-privileged accounts.
   
I would like to suggest an improvement regarding this behavior. In my view, allowing users without any administrative or project permissions (e.g., an intern) to access global audit logs may pose a potential risk of information disclosure.
   
The audit logs contain metadata that could be sensitive in certain environments, such as:

* Project Metadata: Creation/deletion timestamps and project names (which often reflect internal business focus or data structures).
* User Management: Global visibility of all usernames and user lifecycle events.
* Security Context: Activity records related to the management of security tokens.
   
While this information is necessary for administrators, providing it to all regular users might provide an unnecessary "system blueprint." Even the createTime can be sensitive, as it reveals operational patterns or helps in guessing time-based IDs.
   
Proposed Improvement: To better align with the Principle of Least Privilege, I suggest adding a permission check to the audit log logic:

* Regular Users: Restricted to viewing only their own activity logs.
* Administrators: Retain the full global view for system auditing purposes.
   
I believe this refinement would further enhance the security posture of DolphinScheduler for enterprise users.
   
**An example:**
userA cannot view any project.
<img width="1280" height="640" alt="Image" src="https://github.com/user-attachments/assets/ed3359f3-c3af-47cd-acba-6b19c5efa06e" />
   
Then we access the interface `org.apache.dolphinscheduler.api.controller.AuditLogController.queryAuditLogListPaging`. It is observed that all logs are returned, including the records of the admin creating userA and userB, as well as the records of userB creating a project, and the creation/update/deletion of security tokens.
   
<img width="1280" height="731" alt="Image" src="https://github.com/user-attachments/assets/5adaab14-e0e9-4ea7-b7e5-266f08a03cc7" />

<img width="1122" height="931" alt="Image" src="https://github.com/user-attachments/assets/d30c5cd5-f56a-48ea-ba7b-767c82481e64" />
   
### Are you willing to submit a PR?

- [x] Yes I am willing to submit a PR!

### Code of Conduct

- [x] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
   


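The visibility rule proposed in the issue (regular users see only their own audit rows, administrators keep the global view), written out as an added stand-alone example. This is not DolphinScheduler code and not part of the issue: `User`, `AuditLog`, `UserType` and `visibleLogs` are hypothetical stand-ins for the project's entities and service method, and the sample rows are constructed to mirror the events described in the report (admin creating userA and userB, userB creating a project, token lifecycle).

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not DolphinScheduler's code. The types below are hypothetical
// stand-ins for the project's user and audit-log entities.
public class AuditLogVisibility {

    enum UserType { ADMIN_USER, GENERAL_USER }

    // Minimal caller identity: numeric id, display name, role.
    record User(int id, String name, UserType userType) {}

    // Minimal audit row: who acted (userId), on what, and how.
    record AuditLog(int id, int userId, String objectType, String operation, String objectName) {}

    /**
     * Least-privilege filter: administrators receive every row; any other
     * caller receives only rows whose userId equals the caller's own id.
     * The decision is taken from the authenticated principal, never from a
     * request parameter, so a caller cannot pick a different user's rows.
     */
    static List<AuditLog> visibleLogs(User caller, List<AuditLog> allLogs) {
        if (caller.userType() == UserType.ADMIN_USER) {
            return new ArrayList<>(allLogs);
        }
        List<AuditLog> own = new ArrayList<>();
        for (AuditLog log : allLogs) {
            if (log.userId() == caller.id()) {
                own.add(log);
            }
        }
        return own;
    }

    public static void main(String[] args) {
        User admin = new User(1, "admin", UserType.ADMIN_USER);
        User userA = new User(2, "userA", UserType.GENERAL_USER);
        User userB = new User(3, "userB", UserType.GENERAL_USER);

        // Constructed sample rows, not real audit data.
        List<AuditLog> logs = List.of(
            new AuditLog(10, admin.id(), "USER", "CREATE", "userA"),
            new AuditLog(11, admin.id(), "USER", "CREATE", "userB"),
            new AuditLog(12, userB.id(), "PROJECT", "CREATE", "example-project"),
            new AuditLog(13, admin.id(), "TOKEN", "CREATE", "token-for-userB"),
            new AuditLog(14, admin.id(), "TOKEN", "UPDATE", "token-for-userB"),
            new AuditLog(15, admin.id(), "TOKEN", "DELETE", "token-for-userB"),
            new AuditLog(16, userA.id(), "USER", "UPDATE", "userA")
        );

        for (User caller : List.of(admin, userA, userB)) {
            List<AuditLog> visible = visibleLogs(caller, logs);
            System.out.println(caller.name() + " sees " + visible.size() + " of " + logs.size() + " rows");
            for (AuditLog row : visible) {
                System.out.println("  " + row.objectType() + " " + row.operation() + " " + row.objectName());
            }
        }
    }
}
```

In a real paging endpoint the restriction belongs in the query itself (an extra `user_id = ?` predicate for non-admin callers) rather than in a post-filter over the full result, since the page's `total` count would otherwise still reveal how many system-wide events exist. The check must also sit server-side in the service or controller layer; hiding the menu in the UI alone does not close the disclosure.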