Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.1.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Sprint:
Security 2024-12-23, Security 2025-01-20, Security 2025-02-17
Linked BF Score:
200
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Now that AuditUserAttrs can be trusted to contain the correct user and roles that need to be audited (either directly authenticated or impersonated), update the mongo-formatted audit logs to retrieve user and role information from AuditUserAttrs instead of AuthorizationSession.

is duplicated by

SERVER-97916 Update AuditEventOCSF::_buildUser() to use AuditUserAttrs

Closed

SERVER-97918 Remove impersonated user and roles from AuthorizationSession

Closed

SERVER-98964 Remove ImpersonationSessionGuard

Closed

is related to

SERVER-98964 Remove ImpersonationSessionGuard

Closed

Assignee:: Gabriel Marks
Reporter:: Varun Ravichandran
Participants:: Gabriel Marks, Githook User, Varun Ravichandran
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Dec 04 2024 08:11:59 PM UTC
Updated:: Apr 09 2025 09:01:59 PM UTC
Resolved:: Feb 13 2025 04:27:30 PM UTC
Confidence Status Last Update:: 23/Dec/24 4:17 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates