Hi,
1. The behavior you unexpectedly encountered
I have a situation where several bypasses are possible, so I use the authentication challenge to elevate and enable/disable bypasses.
This all works as expected, however the audit logs show the resulting tag write with the actor being the user logged into the session rather than the user that completed the auth challenge.
We use tag write permissions extensively. I have tested this behaviour to show that the tag write is in fact using the security levels of the auth challenge user to determine if the write is allowed, then it puts an entry in the audit log of the session user. This could even mean that it is logged as "Unauthenticated" performing the tag write.
2. The behavior you were expecting to see
I expect the audit log to show the actor of the action as the authentication challenge user.
3. A list of the steps you took that exposed the issue
Create two users:
operator with role of operator
admin with role of admin
Set up audit logging
Log in to a Perspective session as operator
Raise an authentication challenge from a view.
Authenticate as admin
Do a tag write in an authentication challenge handler.
Review the audit log and see that the tag write actor is operator
I have also tested with various tag permissions to show that the write is only possible if the authentication challenge user has write permission on the tag, so it appears the user doing the write is known.
4. A list of helpful information about the situation you were in
Ignition 8.1.45
Perspective 2.1.45