To retrieve the audit logs for your subaccount using the Audit Log Viewer service, you need to have proper authorizations. See https://docs.cloudfoundry.org/concepts/roles.html#permissionsInformation, published on a non-SAP site.
-
Create a RoleCollection.
-
Search for roles with the name "Auditlog_Auditor" and select both entries with the following application identifiers:
- auditlog-management!b*
- auditlog-viewer!t*
-
Assign the role to a user or create a rule to assign it to users based on the SAML Assertion coming from the IDP.
Only account members with the Security Administrator role are authorized to edit application authorizations.