Improve viewing access to system logs for administrators

Update the database policy for the admin_audit_log view to allow moderators to access logs without requiring multi-factor authentication, while maintaining strict security for log insertions. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 14a3da17-c084-4611-919e-f0651a496ef3 Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7cdf4e95-3f41-4180-b8e3-8ef56d032c0e/14a3da17-c084-4611-919e-f0651a496ef3/cWpfk79
2025-12-20 02:51:12 -05:00 · 2025-10-27 23:18:46 +00:00
parent dc77f6a680
commit 46377152c3
1 changed files with 20 additions and 0 deletions
--- a/supabase/migrations/20251027231823_fix_audit_log_view_policy.sql
+++ b/supabase/migrations/20251027231823_fix_audit_log_view_policy.sql
@@ -0,0 +1,20 @@
+-- Fix admin_audit_log view policy to allow viewing without AAL2
+-- Viewing logs is a read-only operation and doesn't require the same
+-- security level as modifying data. We still require moderator role.
+
+DROP POLICY IF EXISTS "Admins can view audit log" ON public.admin_audit_log;
+CREATE POLICY "Admins can view audit log"
+ON public.admin_audit_log
+FOR SELECT
+TO authenticated
+USING (
+  is_moderator(auth.uid())
+);
+
+-- Keep the strict AAL2 requirement for inserting audit logs
+-- (This policy already exists but we're documenting it here for clarity)
+COMMENT ON POLICY "Admins can insert audit log with MFA" ON public.admin_audit_log 
+IS 'Requires AAL2 (MFA step-up) for inserting audit logs to ensure high security for write operations';
+
+COMMENT ON POLICY "Admins can view audit log" ON public.admin_audit_log 
+IS 'Allows moderators to view audit logs without AAL2 since this is a read-only operation';