Expand docs for impersonated AuditEvents

This documentation was considered "brief to the point of being unclear." This expands it with helpful details.

Expand docs for impersonated AuditEvents
This documentation was considered "brief to the point of being unclear." This expands it with helpful details.
9cf0713d · Dan Jensen · Mike Jang · 6b41e38d · 9cf0713d · 9cf0713d
Commit 9cf0713d authored Feb 12, 2021 by Dan Jensen Committed by Mike Jang Feb 12, 2021
Showing with 7 additions and 2 deletions

doc/administration/audit_events.md doc/administration/audit_events.md +7 -2

doc/administration/img/impersonated_audit_events_v13_8.png doc/administration/img/impersonated_audit_events_v13_8.png +0 -0

No files found.
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -36,11 +36,16 @@ There are two kinds of events logged:
 - Instance events scoped to the whole GitLab instance, used by your Compliance team to
  perform formal audits.

-### Impersonation data **(PREMIUM)**
+### Impersonation data

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/536) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.0.

-Impersonation is where an administrator uses credentials to perform an action as a different user.
+When a user is being [impersonated](../user/admin_area/index.md#user-impersonation), their actions are logged as audit events as usual, with two additional details:
+
+1. Usual audit events include information about the impersonating administrator. These are visible in their respective Audit Event pages depending on their type (Group/Project/User).
+1. Extra audit events are recorded for the start and stop of the administrator's impersonation session. These are visible in the instance Audit Events.
+
+![audit events](img/impersonated_audit_events_v13_8.png)

 ### Group events **(PREMIUM)**


--- a/doc/administration/img/impersonated_audit_events_v13_8.png
+++ b/doc/administration/img/impersonated_audit_events_v13_8.png