diff --git a/service.go b/service.go
index d2bd3df219f5013e2def962679f9102d4b209249..c60f5b177c6992bef486f47fa52d39b980c9d9b9 100644
--- a/service.go
+++ b/service.go
@@ -230,6 +230,7 @@ func (s *authService) authorizeUser(ctx context.Context, tx TX, req RequestBase)
 // Requests are allowed if the SSO ticket corresponds to an admin, or if
 // it identifies the same user that we're querying.
 if !s.isAdmin(tkt) && tkt.User != req.Username {
+ log.Printf("unauthorized access from user %s to user %s", tkt.User, req.Username)
 return nil, nil, ErrUnauthorized
 }
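Review bot: The added `log.Printf` formats `req.Username` with `%s`, and that value comes from the request, so a username containing newlines or control characters could split or forge entries in what is effectively the audit trail for authorization failures. Quoting both fields keeps each event on a single line and makes empty or odd values visible: `log.Printf("unauthorized access from user %q to user %q", tkt.User, req.Username)`. `tkt.User` presumably comes from an already validated SSO ticket, but quoting it as well costs nothing. authorizeUser begins and ends outside this hunk, so whether the username is validated earlier cannot be seen here.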