Core Server / SERVER-11386

authCheck documentation should reflect reality

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 2.5.4
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • ALL

      The authCheck docs say "Client tried to perform the given operation, and was allowed/denied. Happens before any actions of the command, for purposes of the auditing guarantee. (only access denied for 2.6?)"

      Discussions with live engineers suggest that, indeed, only denied operations should be audit-logged. (Audit-logging every successful operation would amount to logging every database access of any kind, which would be prohibitive.)

      The code does this: denied operations are audit-logged, allowed ones are not.

      The documentation should reflect this decision with confidence and pride.

            Assignee: Matt Dannenberg (matt.dannenberg)
            Reporter: bard.bloom@10gen.com