Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12512

Add role-based, selective audit logging.

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 2.6.4, 2.7.4
    • Logging, Security
    • Minor Change

    Description

      For compliance, many organizations are required to audit/log the activity of all or selected users of specific resources. Our current auditing implementation provides a way to specify selective logging by operation type or by acting user, which are fields in the audit log message. However, there is currently no way to log the actions of all users possessing a given role.

      We should add the option to isolate and filter user activity logging based on which users possess a certain role. For example, I should be able to specify "audit log all actions taken by users with the userAdmin role on the admin database" or a list of roles such as "audit log all actions taken by users with the dbAdmin role on the foo database or the userAdmin role on the foo database or the readWrite role on the bar database."

      Note that roles are defined on a database, i.e. role foo on database bar, and the user should specify a role in this manner. We may wish to provide the user with some sort of wildcard option, i.e. role foo on all databases.

      Attachments

        Issue Links

          Activity

            People

              amalia.hawkins@10gen.com Amalia Hawkins
              rob.young@10gen.com Rob Young
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: