[20463] Audit trail not showing name of member or contact who added a note (impersonation) #135

Open
Andrew-Lahikainen opened this issue Oct 11, 2019 · 2 comments
Labels: connectwise-only; enhancement (This is a UX improvement); integration issue (Issue relates to a DeskDirector integration); tech (Issue relates to Tech)

Comments

@Andrew-Lahikainen
Contributor

The audit trail will always be associated with the API member used for the integration. This issue is to keep track of any updates from ConnectWise on member or contact impersonation.

Andrew-Lahikainen added the enhancement and integration issue labels Oct 11, 2019
@Nness
Contributor

Nness commented Dec 2, 2019

The reason for such weird behaviour is ConnectWise's API design. I have detailed it in this reply.

@Nness
Contributor

Nness commented Jan 31, 2020

One customer suggested using ConnectWise's member impersonation, which is a valid point. But there are a few issues we need to research; the outcome is how the whole thing will be adjusted. More specifically, do we want to opt in by default, or do we want to have an option to allow manual opt-in?

At the current stage, I personally prefer manual opt-in, since the whole thing has a design flaw.

The problem is with the API member concept. It tries to mimic the OAuth approach on permission grant. But other OAuth permission grant systems normally cannot impersonate. The one I know of requires admin consent, which is Microsoft's Graph API, where if the admin of a given tenant has granted admin consent, then the API can impersonate and perform certain actions on behalf of any employee.

Now, without diving further into the API member's settings, it is most likely that there is a setting to control impersonation. Otherwise the impersonation is overpowered.

Let's say a customer gives us an API member with no permission to any board, then suddenly we can impersonate their CEO. Does that even make sense?

Our customers often like to limit the API member; thus, we cannot guarantee that if we opt in by default, there won't be trouble. Most likely 60% of TECH users will log an issue to say something is not working.

Nness changed the title from "[20463] Audit trail not showing name of member or contact who added a note" to "[20463] Audit trail not showing name of member or contact who added a note (impersonation)" Feb 27, 2020
Nness added the tech label Feb 27, 2020
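
Added example, not part of the issue thread and not DeskDirector or ConnectWise code: a sketch of the guard the discussion above points toward, where impersonation is a manual opt-in, can only narrow the API member's own board access, and the audit entry records both the calling credential and the member acted for. The `Principal` and `Integration` types, board names and decision strings are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Principal:
    """Hypothetical identity: an API member or a human member."""
    name: str
    boards: frozenset  # boards this identity is allowed to write to


@dataclass
class Integration:
    api_member: Principal
    impersonation_opt_in: bool = False  # manual opt-in: off unless an admin enables it
    audit_log: list = field(default_factory=list)

    def _record(self, board, on_behalf_of, decision):
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": self.api_member.name,  # credential that actually made the call
            "on_behalf_of": on_behalf_of.name if on_behalf_of else None,
            "board": board,
            "decision": decision,
        }
        self.audit_log.append(entry)  # denials are logged as well as successes
        return entry

    def add_note(self, board: str, on_behalf_of: Optional[Principal] = None):
        effective = self.api_member.boards
        if on_behalf_of is not None:
            if not self.impersonation_opt_in:
                return self._record(board, on_behalf_of, "denied: impersonation not enabled")
            # Impersonation may only narrow access, never widen it.
            effective = effective & on_behalf_of.boards
        if board not in effective:
            return self._record(board, on_behalf_of, "denied: board outside effective permissions")
        return self._record(board, on_behalf_of, "allowed")


# Constructed sample identities for illustration.
CEO = Principal("ceo", frozenset({"Executive", "Service"}))
TECH = Principal("tech1", frozenset({"Service"}))
LIMITED_API = Principal("api-limited", frozenset())  # API member with no board access
SERVICE_API = Principal("api-service", frozenset({"Service"}))
```

With this rule, the "API member with no board permission impersonates the CEO" case is denied even when impersonation is enabled, because the effective permission set is the intersection of the two identities.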

2 participants