Project: Core Server

SERVER-50394: mongod audit log attributes DDL operations to the __system user in a sharded environment


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 4.0.20, 3.6.19
    • Fix Version/s: 4.2.10, 4.8.0, 4.4.2
    • Component/s: None
    • Labels: None
    • Backwards Compatibility: Minor Change
    • Operating System: ALL
    • Backport Requested: v4.4, v4.2, v4.0, v3.6
    • Sprint: Security 2020-09-21
    • Linked BF Score: 50

Description

Seemingly related to SERVER-11192, the __system user is audited as the initiator of DDL operations like createDatabase, dropDatabase, createCollection, dropCollection, createIndex, and dropIndex when those commands are run from a mongos in a sharded environment.

CRUD operations are correctly attributed.

A partial workaround is to use auditAuthorizationSuccess and an auditFilter focusing on DDL operations, on mongos nodes, to obtain authCheck audits from the mongos. But this is not applicable in all cases (e.g. implicit collection creation).
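The workaround above leaves an operator with two audit streams to reconcile: the shard's DDL events (audited as __system) and the mongos authCheck events that carry the real user. The following is an added example, not code from the ticket or from MongoDB, that joins the two by namespace within a short time window; the JSON audit-record shape, the sample lines, and the mapping from DDL atypes to mongos command names (create, drop, dropDatabase, createIndexes, dropIndexes) are assumptions made for this illustration.

```python
import json
from datetime import datetime, timedelta

# DDL audit event types named in the ticket, and the command names an
# authCheck record is assumed to carry for the same operations.
DDL_ATYPES = {"createDatabase", "dropDatabase", "createCollection",
              "dropCollection", "createIndex", "dropIndex"}
DDL_COMMANDS = {"create", "drop", "dropDatabase", "createIndexes", "dropIndexes"}

# Constructed sample lines in JSON audit format; not taken from the ticket.
MONGOD_AUDIT = [
    '{"atype":"createCollection","ts":{"$date":"2020-09-01T10:00:01.100+00:00"},'
    '"users":[{"user":"__system","db":"local"}],"roles":[],"param":{"ns":"app.orders"},"result":0}',
    '{"atype":"insert","ts":{"$date":"2020-09-01T10:00:02.000+00:00"},'
    '"users":[{"user":"alice","db":"admin"}],"roles":[],"param":{"ns":"app.orders"},"result":0}',
]
MONGOS_AUDIT = [
    '{"atype":"authCheck","ts":{"$date":"2020-09-01T10:00:01.000+00:00"},'
    '"users":[{"user":"alice","db":"admin"}],"roles":[],'
    '"param":{"command":"create","ns":"app.orders","args":{"create":"orders"}},"result":0}',
]

def _ts(event):
    return datetime.fromisoformat(event["ts"]["$date"])

def _users(event):
    return ",".join(f'{u["user"]}@{u["db"]}' for u in event.get("users", [])) or "<none>"

def attribute_ddl(mongod_lines, mongos_lines, window=timedelta(seconds=5)):
    """Flag DDL events audited as __system on a shard and attribute each one to
    the closest preceding successful mongos authCheck on the same namespace."""
    checks = [json.loads(line) for line in mongos_lines]
    checks = [c for c in checks if c["atype"] == "authCheck"
              and c["param"].get("command") in DDL_COMMANDS and c["result"] == 0]
    findings = []
    for line in mongod_lines:
        ev = json.loads(line)
        if ev["atype"] not in DDL_ATYPES:
            continue
        if not any(u["user"] == "__system" for u in ev.get("users", [])):
            continue  # already attributed to a real user; nothing to reconcile
        ts, ns = _ts(ev), ev["param"].get("ns")
        candidates = [c for c in checks if c["param"].get("ns") == ns
                      and timedelta(0) <= ts - _ts(c) <= window]
        match = max(candidates, key=_ts, default=None)  # latest check before the event
        findings.append({"atype": ev["atype"], "ns": ns, "audited_as": _users(ev),
                         "attributed_to": _users(match) if match else None})
    return findings
```

A finding with `attributed_to` of None is exactly the gap the ticket describes: a DDL event with no corresponding mongos authCheck, such as an implicit collection creation.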

People

    • Assignee: sara.golemon Sara Golemon
    • Reporter: eric.sedor Eric Sedor