[Improvement] Restrict access to global audit logs

### Search before asking

- [x] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar feature requirement.


### Description

The `org.apache.dolphinscheduler.api.controller.AuditLogController.queryAuditLogListPaging` currently allows any authenticated regular user to view all system-wide audit logs. This includes sensitive activity logs generated by the admin user and other high-privileged accounts.

I would like to suggest an improvement regarding this behavior. In my view, allowing users without any administrative or project permissions  (e.g., an intern) to access global audit logs may pose a potential risk of information disclosure.

The audit logs contain metadata that could be sensitive in certain environments, such as:

* Project Metadata: Creation/deletion timestamps and project names (which often reflect internal business focus or data structures).
* User Management: Global visibility of all usernames and user lifecycle events.
* Security Context: Activity records related to the management of security tokens.

While this information is necessary for administrators, providing it to all regular users might provide an unnecessary "system blueprint." Even the createTime can be sensitive, as it reveals operational patterns or helps in guessing time-based IDs. 

Proposed Improvement: To better align with the Principle of Least Privilege, I suggest adding a permission check to the audit log logic:

* Regular Users: Restricted to viewing only their own activity logs.

* Administrators: Retain the full global view for system auditing purposes.

I believe this refinement would further enhance the security posture of DolphinScheduler for enterprise users.

**An example:**
The userA can not view any project.
<img width="1280" height="640" alt="Image" src="https://github.com/user-attachments/assets/ed3359f3-c3af-47cd-acba-6b19c5efa06e" />

Then we access the interface `org.apache.dolphinscheduler.api.controller.AuditLogController.queryAuditLogListPaging`. It is observed that all logs are returned, including the records of the admin creating userA and userB, as well as the records of userB creating a project, and the creation/update/deletion of security tokens.

<img width="1280" height="731" alt="Image" src="https://github.com/user-attachments/assets/5adaab14-e0e9-4ea7-b7e5-266f08a03cc7" />

<img width="1122" height="931" alt="Image" src="https://github.com/user-attachments/assets/d30c5cd5-f56a-48ea-ba7b-767c82481e64" />

### Are you willing to submit a PR?

- [x] Yes I am willing to submit a PR!

### Code of Conduct

- [x] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Improvement] Restrict access to global audit logs #17933

Search before asking

Description

Are you willing to submit a PR?

Code of Conduct

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Improvement] Restrict access to global audit logs #17933

Description

Search before asking

Description

Are you willing to submit a PR?

Code of Conduct

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions