Make TFS more Audit Friendly
We have outside auditors come in and they want to see stuff like who gave Jerry Project admin rights and when and how long did he have it? Items like that. It would be nice to find info like that. It would also be nice to be able to export all of the users of a project in the groups that they are in.
Oskar Mamrzynski commented
We have a need to retrieve which users are members of which VSTS groups and what permissions they get as a result. However, this is only good for the first-time audit.
We have created a solution that pulls this information out via the API, but it's not a complete picture and having something integrated would work better.
Also, change management is an important requirement. Getting notified of who changed what permissions, and on which resource, being able to pipe that information into external audit logging, would be a good feature to have.
Suresh Kumar commented
An Audit Trail is a must and basic.
How do I know TFS is authenticating via Windows AD?
Doug Punchak commented
There is currently a minimal activity\audit capability (2 days) but it needs to go back longer than that. Any public company needs to have this for SarbOx. I've voted for this one but I also posted one for extending the audit functionality if they think this one's satisfied with the 2 day audit report. https://visualstudio.uservoice.com/forums/330519-team-services/suggestions/18540799-extend-activity-auditing-tracking-in-vsts
Pieter Gheysens commented
It would also be very good to know who (and when) sets the VSTS access levels, especially for companies having multiple VSTS Administrators. I have witnessed already some internal discussions about reshuffling access levels for existing users.
I think this idea is a duplicate of https://visualstudio.uservoice.com/forums/330519-team-services/suggestions/2102465-make-tfs-more-audit-friendly which has already over 420 votes
David Jobling commented
This is an enterprise feature and as such I don't expect it to gather as many votes as the more popular mainstream ideas. It is also very boring. But as many of these comments say, it is an absolute requirement for VSTS to be an enterprise product. Not being able to see who gives permissions to whom is a huge security hole and it will continue to limit the propagation of the service into the enterprise. As I understand it, all these actions are executed as REST services and thus the logs are available upon request. But they should be available in the UI.
Pierre Donyegro commented
This is a frequent request for large financial organizations. Users access associated with project names with at least a year of historical data.
Anthony Gregg commented
This would be great for when we do our true up with Microsoft. We need to know who is using TFS since we have no control over what users are added by Project Admins.
The ability to audit who created, modified, and/or deleted access to a user/role in TFS, which would include security changes made to Release Management as well, would be very useful.
Christian Guldbæk commented
It would also be relevant (for the situation I'm in) to have tracking of which files a user has viewed / downloaded.
This other tool helps a little bit:
Anyway, it's far from meeting our needs.
Yes, as TFS admin, I would love this feature.
Bilgehan Berberoğlu commented
It would be helpful for us. Please add this feature or explain to us how we reach this info.
Are there any tables which we can query to get this info?
Farah Ravaee commented
I am on the same page as Peter.
Peter Gissel commented
This is hugely important where I work, which is FDA regulated.
Vanessa Umali commented
We've found that MTM Test Suites are most difficult to track. There is no way to determine who created or deleted Test Suites nor to find out if test cases have been added to or removed from a test suite. If there is a way to do so, please show me how.
Git enterprise boasts these features and is currently the only hosted source control we are allowed to use because of it.
Gian Piero Anselmi commented
As serious organizations really implement ALM, SDLC, SCM etc., it is obvious that Audit functions (who did what and when) for security reasons are a big point for TFS to become a first class tool. Without that, most of the big organizations will just drop it.
Log for every bit (WI, SharePoint documents, Changesets, Permission etc.) is needed.
The actual http://servername:8080/tfs/_oi/ is not sufficient.