[DOCS-14079] Investigate changes in SERVER-53329: Create audit event for logout Created: 05/Jan/21 Updated: 13/Nov/23 Due: 22/Jan/21 Resolved: 20/Jan/21 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual, Server |
| Affects Version/s: | None |
| Fix Version/s: | 4.9.0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Backlog - Core Eng Program Management Team | Assignee: | Joseph Dougherty |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Epic Link: | DOCSP-9747 | ||||||||
| Description |
Downstream Change Summary

This ticket introduces a new audit event that is logged whenever at least 1 user is logged out of a database. This occurs either when a client explicitly issues a `db.logout()` command to log out all authenticated users associated with that client on the current database or when a client closes its connection to the server, which automatically logs out all users that were authenticated on that connection (to any database).

Therefore, the "Audit Event Actions, Details, and Results" table on the "System Event Audit Messages" docs page must be updated with a new entry for atype "logout". The param for this event has three fields: "reason", "initialUsers", and "updatedUsers". "Reason" is a string with one of 2 values: "Explicit logout from db '[dbName]'" or "Implicit logout due to client connection closure". "initialUsers" and "updatedUsers" are arrays which contain subdocuments, where each document contains a "user" field (with the username) and a "db" field (with the database the user is authenticated to). "initialUsers" lists all users authenticated on the current client prior to the logout event, while "updatedUsers" lists all users expected to be authenticated on the current client after the logout event. The sole result value for a "logout" audit event is 0 - success.

Description of Linked Ticket

We should record when a client logs out.

An event of this nature should occur when a client issues the logout command, or implicitly logs out by closing a connection resulting in the destruction of their Client object and associated authorization session.

We'll likely need to introduce a "logout" aType. We should record the users which are being shed. We should record the users being retained.

Scope of changes

At the very least, update https://docs.mongodb.com/manual/reference/audit-message/#audit-event-actions-details-and-results

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.) |
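The following is an added example, not part of the ticket or of MongoDB's own code: a small Python parser that reads JSON audit lines, keeps the "logout" events described above, and derives which users were shed and which were retained from "initialUsers" and "updatedUsers". The sample lines are constructed, and the function and variable names are hypothetical.

```python
import json
import re

# Constructed sample audit output, one JSON event per line (not real log data).
SAMPLE_LINES = """\
{"atype": "authenticate", "param": {"user": "alice", "db": "admin"}, "result": 0}
{"atype": "logout", "param": {"reason": "Explicit logout from db 'sales'", "initialUsers": [{"user": "alice", "db": "admin"}, {"user": "bob", "db": "sales"}], "updatedUsers": [{"user": "alice", "db": "admin"}]}, "result": 0}
this line is truncated and is not valid JSON
{"atype": "logout", "param": {"reason": "Implicit logout due to client connection closure", "initialUsers": [{"user": "alice", "db": "admin"}], "updatedUsers": []}, "result": 0}
""".splitlines()

# The two reason strings given in the ticket description.
EXPLICIT = re.compile(r"^Explicit logout from db '(.*)'$")
IMPLICIT = "Implicit logout due to client connection closure"

def user_pairs(users):
    """Turn a list of {"user": ..., "db": ...} subdocuments into a set of tuples."""
    return {(u.get("user", ""), u.get("db", "")) for u in users or []}

def summarize_logouts(lines):
    """Return one summary dict per logout audit event found in `lines`."""
    summaries = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines instead of aborting the run
        if not isinstance(event, dict) or event.get("atype") != "logout":
            continue
        param = event.get("param", {})
        reason = param.get("reason", "")
        match = EXPLICIT.match(reason)
        if match:
            kind, db = "explicit", match.group(1)
        elif reason == IMPLICIT:
            kind, db = "implicit", None
        else:
            kind, db = "unknown", None  # reason string not listed in the ticket
        before = user_pairs(param.get("initialUsers"))
        after = user_pairs(param.get("updatedUsers"))
        summaries.append({
            "kind": kind, "db": db, "result": event.get("result"),
            "shed": sorted(before - after),        # logged out by this event
            "retained": sorted(before & after),    # still authenticated afterwards
            "unexpected": sorted(after - before),  # sanity check: should be empty
        })
    return summaries
```

A non-empty "unexpected" list or an "unknown" kind means the event does not match the shape the ticket describes and is worth a closer look.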
| Comments |
| Comment by Githook User [ 19/Jan/21 ] |
|
Author: {'name': 'Joseph Dougherty', 'email': 'joseph.dougherty@mongodb.com', 'username': 'jmd-mongo'}Message: |