[SERVER-30247] Auditing login messages should contain roles user has at login time and whenever they change - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.9.0
Component/s: Admin
Labels:
- gm-ack
- neweng

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2021-02-22, Security 2021-03-08

Description

External authorization mean that someones external groups may change, which in turn changes their MongoDB credentials, but no audit entry is produced for MongoDB. It therefore makes it very difficult to answer a question like "What permissions did this user have that allowed them to do this?"

Attachments

Activity

People

Assignee:: Benjamin Caimano (Inactive)

Reporter:: Osmar Olivo

Participants:: Andy Schwerin, Benjamin Caimano, Githook User, Gregory McKeon, Osmar Olivo

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: Jul 20 2017 08:30:11 PM UTC

Updated:: Feb 26 2021 08:53:08 PM UTC

Resolved:: Feb 26 2021 08:52:20 PM UTC