I'm developing a kind of standard web-application, to be hosted internally on f
Question
I'm developing a kind of standard web-application, to be hosted internally on a few customer's servers (not a public service, startup or anything like that). A kind of CMS, e-learning platform or something close to that. Because this is an internal project, the customer had given me quite a large decision field and did not specify the problem in question.
My developed web-application is planned to have a few admins and only one superuser per installation. In this case, should application logs be available to admin-level users, or strictly restricted to viewing by the superuser only?
Explanation / Answer
It will all depend on the classification of the data and the classification of the users. You can create different levels of logs for different classifications of users, if that's needed.
It's a balance of usability (what logs do they need in order to do their jobs) and security (what logs do they need to NOT see because it is above their classification).
Install logs tend to be of a general classification, but logs containing user data tend to be of a restricted classification depending on the data.
You need to map what the 'admin' and 'superuser' need for their functions, and map out what is in the logs that needs to be protected.
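One way to implement the role-to-classification mapping described in the answer above, as an added example that is not part of the original answer. The two classification levels, the clearance assigned to each role, and the sample log entries are constructed assumptions; unlabelled entries and unknown roles fail closed.

```python
import logging
from enum import IntEnum

class Classification(IntEnum):
    GENERAL = 1      # e.g. install / startup messages
    RESTRICTED = 2   # e.g. entries that carry user data

# Assumed mapping: highest classification each role is allowed to read.
ROLE_CLEARANCE = {
    "admin": Classification.GENERAL,
    "superuser": Classification.RESTRICTED,
}

class ClassifiedHandler(logging.Handler):
    """Keeps formatted records in memory together with their classification."""

    def __init__(self):
        super().__init__()
        self.entries = []

    def emit(self, record):
        # Records logged without a label are treated as RESTRICTED (fail closed).
        label = getattr(record, "classification", Classification.RESTRICTED)
        self.entries.append((Classification(label), self.format(record)))

    def view_for(self, role):
        clearance = ROLE_CLEARANCE.get(role)
        if clearance is None:          # unknown role: show nothing
            return []
        return [msg for cls, msg in self.entries if cls <= clearance]

def build_demo_log():
    handler = ClassifiedHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    log = logging.getLogger("app.demo")
    log.handlers.clear()
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    # Constructed sample entries.
    log.info("installer finished, schema version 12",
             extra={"classification": Classification.GENERAL})
    log.info("password reset for user id 4411",
             extra={"classification": Classification.RESTRICTED})
    log.warning("unlabelled entry")
    return handler
```

Calling `build_demo_log().view_for("admin")` returns only the install entry, while `"superuser"` sees all three.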