We also need security related logs, such as: who gives permissions on OAC resources, who modifies application roles.

For security purpose we need to have audit logs of administration tasks in OAC (Cloud). * Who grant and revoque access * Who create, update adn delete users, application roles. * Who create, update and delete resources/objects. Also audit reports: * Application role memberships * Permissions of resources