Add Admin Audit Trail User Roles submodule for tracking role changes

Created on 8 July 2025, 13 days ago

Problem/Motivation

The existing admin_audit_trail_user module tracks general user create, update, and delete operations but does not log specific role assignment and removal events. Role changes are important security events that should be tracked separately for compliance and security auditing.

Steps to reproduce

  1. Enable the admin_audit_trail and admin_audit_trail_user_roles modules
  2. Navigate to `/admin/people` and edit a user account
  3. Add or remove a role from the user and save
  4. Navigate to `/admin/people/roles` and create, edit, or delete a user role
  5. Visit `/admin/reports/audit-trail` to view the logged events
  6. Filter by type "User Roles" to see role-specific audit entries

Expected result: Role assignment/removal and role management events appear in the audit trail with descriptive messages including user names, role names, and operation types.

Proposed resolution

Add a new submodule admin_audit_trail_user_roles that tracks:

  • Role assignments (when roles are added to users)
  • Role removals (when roles are removed from users)
  • Role management (creation, updates, deletion of roles)

The module automatically filters out 'authenticated' role changes since these are automatic.
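
The tracking described above comes down to comparing an account's role list before and after a save and skipping 'authenticated'. The following is an added example in plain PHP, not the submodule's code; the function name, the operation names and the record keys are assumptions, and the sample account is constructed.

```php
<?php
// Added illustration; not the submodule's code. Record keys and operation
// names are assumed for the example.

const FILTERED_ROLES = ['authenticated']; // the role the issue says is skipped

/**
 * Returns one audit record per role added to or removed from an account.
 *
 * @param string[] $before Role IDs stored before the save.
 * @param string[] $after  Role IDs present after the save.
 */
function role_change_records(int $uid, string $name, array $before, array $after): array {
  // Normalise both lists: drop duplicates and the automatically assigned role.
  $clean = fn(array $roles) => array_values(array_diff(array_unique($roles), FILTERED_ROLES));
  $before = $clean($before);
  $after = $clean($after);

  $changes = [
    'role_assigned' => array_diff($after, $before),
    'role_removed' => array_diff($before, $after),
  ];

  $records = [];
  foreach ($changes as $operation => $roles) {
    foreach ($roles as $role) {
      $records[] = [
        'type' => 'user_roles',
        'operation' => $operation,
        'description' => sprintf('%s: role "%s" on %s (uid %d)', $operation, $role, $name, $uid),
        'ref_numeric' => $uid,
        'ref_char' => $role,
      ];
    }
  }
  // An unchanged role list yields an empty array, so nothing is logged.
  return $records;
}

// Constructed sample: "editor" swapped for "administrator" in a single save.
$records = role_change_records(42, 'jdoe',
  ['authenticated', 'editor'],
  ['authenticated', 'administrator', 'administrator']);
foreach ($records as $record) {
  echo $record['operation'], ' ', $record['ref_char'], PHP_EOL;
}
```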

Remaining tasks

  • ✅ Create the module structure following existing patterns
  • ✅ Implement role change tracking logic
  • ✅ Test functionality with role assignments/removals
  • ✅ Test role management operations
  • ➖ Community review
  • ➖ Maintainer approval

API changes

  • None. Uses existing admin_audit_trail_insert() function and follows established patterns.

Data model changes

  • None. Uses existing admin_audit_trail table with new log type.

Release notes snippet

New submodule: Admin Audit Trail User Roles

Added a new optional submodule that provides detailed logging of user role changes and role management operations. When enabled, the module tracks:

  • Role assignments and removals from user accounts
  • Creation, modification, and deletion of user roles
  • Automatic filtering of system-generated 'authenticated' role changes

This enhancement provides administrators with granular audit trails for role-based security events, complementing the existing user activity logging. The new logs appear in the standard audit trail report at `/admin/reports/audit-trail` with the type 'user_roles'.

To enable this functionality, install and enable the `admin_audit_trail_user_roles` submodule from the module list.

Feature request

Status: Needs review

Version: 1.0

Component: Code

Created by: 🇳🇱 Netherlands daaan
