Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-54260

Ensure that DDL operations are only audited on Primaries

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.9.0
    • Component/s: Admin, Security, Storage
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Sprint:
      Security 2021-02-22, Security 2021-03-08

      Description

      DDL operations are currently audited on primaries and secondaries. Unfortunately, the audit hooks for these operations are buried in the execution machinery which is invoked during parallel batch application. This means that synchronous file writes, to the log file, are performed in the critical path of oplog application, potentially impairing the node's ability to keep up with its primary.

      We should prevent secondaries from emitting DDL audit events for replicated changes.

       

      Note that we must still record DDL events for local, non-replicated changes. These are DDL operations on the local database, and any collection named system.profile.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              varun.ravichandran Varun Ravichandran
              Reporter:
              spencer.jackson Spencer Jackson
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: