Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 4.0.20, 3.6.19
Component/s: None
Labels: None
Backwards Compatibility: Minor Change
Operating System: ALL
Backport Requested: v4.4, v4.2, v4.0, v3.6
Sprint: Security 2020-09-21
Case:
Linked BF Score: 50
Seemingly related to SERVER-11192, the __system user is audited as the initiator of DDL operations such as createDatabase, dropDatabase, createCollection, dropCollection, createIndex, and dropIndex when those commands are run from a mongos in a sharded environment. CRUD operations are correctly attributed.

A partial workaround is to enable auditAuthorizationSuccess together with an auditFilter focused on DDL operations on the mongos nodes, so that authCheck audit entries are obtained from the mongos. This is not applicable in all cases (for example, implicit collection creation).
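To make the gap above concrete from the log reader's side, here is an added example (not MongoDB's code, and not part of this ticket) that scans JSON-lines audit output, flags DDL events whose only user is __system, and tries to recover the end user from a preceding authCheck entry on the same namespace, which is what the auditAuthorizationSuccess workaround makes available. The audit records are constructed for the example and only approximate the real event shape; the authCheck-command-to-atype mapping and the 5-second correlation window are assumptions.

```python
"""Check a MongoDB audit log for DDL events attributed to the internal __system
user rather than an end user, and recover the user from mongos authCheck entries
where one exists.  Added example; sample records are constructed."""
import json
from datetime import datetime, timedelta

# DDL atypes the ticket reports as mis-attributed when issued through mongos.
DDL_ATYPES = {"createDatabase", "dropDatabase", "createCollection",
              "dropCollection", "createIndex", "dropIndex"}

# authCheck command name -> DDL atype it produces (assumed mapping for this example).
AUTHCHECK_COMMAND_TO_ATYPE = {
    "create": "createCollection",
    "drop": "dropCollection",
    "createIndexes": "createIndex",
    "dropIndexes": "dropIndex",
    "dropDatabase": "dropDatabase",
}

# Constructed sample audit lines: an authCheck from mongos naming alice, the
# resulting createIndex on the shard attributed to __system, a dropCollection
# run directly on a mongod (correctly attributed to bob), and an implicit
# createCollection with no authCheck to correlate against.
SAMPLE_AUDIT_LINES = [
    '{"atype":"authCheck","ts":{"$date":"2020-09-21T10:00:00.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.9","port":50001},"users":[{"user":"alice","db":"admin"}],"roles":[{"role":"dbAdminAnyDatabase","db":"admin"}],"param":{"command":"createIndexes","ns":"app.orders","args":{"createIndexes":"orders","indexes":[{"key":{"sku":1},"name":"sku_1"}]}},"result":0}',
    '{"atype":"createIndex","ts":{"$date":"2020-09-21T10:00:00.010Z"},"local":{"ip":"10.0.0.7","port":27018},"remote":{"ip":"10.0.0.5","port":41000},"users":[{"user":"__system","db":"local"}],"roles":[{"role":"__system","db":"admin"}],"param":{"ns":"app.orders","indexName":"sku_1","indexSpec":{"sku":1}},"result":0}',
    '{"atype":"dropCollection","ts":{"$date":"2020-09-21T10:02:00.000Z"},"local":{"ip":"10.0.0.7","port":27018},"remote":{"ip":"10.0.0.9","port":50002},"users":[{"user":"bob","db":"admin"}],"roles":[{"role":"dbAdmin","db":"app"}],"param":{"ns":"app.tmp"},"result":0}',
    '{"atype":"createCollection","ts":{"$date":"2020-09-21T10:05:00.000Z"},"local":{"ip":"10.0.0.7","port":27018},"remote":{"ip":"10.0.0.5","port":41001},"users":[{"user":"__system","db":"local"}],"roles":[{"role":"__system","db":"admin"}],"param":{"ns":"app.events"},"result":0}',
]


def _ts(event):
    """Audit timestamps are extended JSON: {"ts": {"$date": "...Z"}}."""
    return datetime.fromisoformat(event["ts"]["$date"].replace("Z", "+00:00"))


def parse_audit(lines):
    """Parse JSON-lines audit output into a list of event dicts."""
    return [json.loads(line) for line in lines if line.strip()]


def is_unattributed_ddl(event):
    """True for a DDL event whose user list is empty or contains only __system."""
    if event.get("atype") not in DDL_ATYPES:
        return False
    users = {u.get("user") for u in event.get("users", [])}
    return not users or users <= {"__system"}


def attribute_via_authcheck(events, ddl_event, window=timedelta(seconds=5)):
    """Recover the end user of an unattributed DDL event from a successful
    authCheck on the same namespace that precedes it within `window`.
    Returns the user name, or None when no matching authCheck exists."""
    ns = ddl_event.get("param", {}).get("ns")
    t = _ts(ddl_event)
    for ev in events:
        if ev.get("atype") != "authCheck" or ev.get("result") != 0:
            continue
        param = ev.get("param", {})
        if param.get("ns") != ns:
            continue
        if AUTHCHECK_COMMAND_TO_ATYPE.get(param.get("command")) != ddl_event["atype"]:
            continue
        if timedelta(0) <= t - _ts(ev) <= window:
            names = [u["user"] for u in ev.get("users", []) if u.get("user") != "__system"]
            if names:
                return names[0]
    return None


def report(events):
    """Return (atype, ns, recovered_user_or_None) for each unattributed DDL event."""
    return [(e["atype"], e.get("param", {}).get("ns"), attribute_via_authcheck(events, e))
            for e in events if is_unattributed_ddl(e)]


def demo():
    """Run the check over the constructed sample."""
    return report(parse_audit(SAMPLE_AUDIT_LINES))


if __name__ == "__main__":
    for atype, ns, user in demo():
        print(f"{atype} on {ns}: attributed to __system; end user via authCheck = {user}")
```

On the sample the createIndex is recovered as alice from the mongos authCheck, bob's dropCollection is not flagged at all, and the implicit createCollection stays unattributed because no authCheck exists for it, which is the residual gap the description mentions.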
- is related to: SERVER-11192 Audit system cannot ascribe DDL operations in a sharded cluster to an end user. (Closed)
- related to:
  - SERVER-50990 createIndex audit with user name (Open)
  - SERVER-50991 audit createIndex on empty collection (Open)
  - SERVER-50994 Audit of dropCollection during dropDatabase (Open)
  - SERVER-50993 Audit dropCollection for views (In Code Review)
  - SERVER-50992 Include viewOn and pipeline in createCollection audit entry for views (Closed)