[DOCS-14079] Investigate changes in SERVER-53329: Create audit event for logout Created: 05/Jan/21  Updated: 13/Nov/23  Due: 22/Jan/21  Resolved: 20/Jan/21

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 4.9.0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Joseph Dougherty
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-53329 Create audit event for logout Closed
Participants:
Days since reply: 3 years, 3 weeks, 1 day ago
Epic Link: DOCSP-9747

 Description   

Description

Downstream Change Summary

This ticket introduces a new audit event that is logged whenever at least 1 user is logged out of a database. This occurs either when a client explicitly issues a `db.logout()` command to log out all authenticated users associated with that client on the current database or when a client closes its connection to the server, which automatically logs out all users that were authenticated on that connection (to any database). Therefore, the "Audit Event Actions, Details, and Results" table on the "System Event Audit Messages" docs page must be updated with a new entry for atype "logout". The param for this event has three fields: "reason", "initialUsers", and "updatedUsers". "Reason" is a string with one of 2 values: "Explicit logout from db '[dbName]'" or "Implicit logout due to client connection closure". "initialUsers" and "updatedUsers" are arrays which contain subdocuments, where each document contains a "user" field (with the username) and a "db" field (with the database the user is authenticated to). "initialUsers" lists all users authenticated on the current client prior to the logout event, while "updatedUsers" lists all users expected to be authenticated on the current client after the logout event. The sole result value for a "logout" audit event is 0 - success.

Description of Linked Ticket

We should record when a client logs out. An event of this nature should occur when a client issues the logout command, or implicitly logs out by closing a connection resulting in the destruction of their Client object and associated authorization session.

We'll likely need to introduce a "logout" aType. We should record the users which are being shed. We should record the users being retained.

Scope of changes

At very least update https://docs.mongodb.com/manual/reference/audit-message/#audit-event-actions-details-and-results
but maybe more pages? Not sure.

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Githook User [ 19/Jan/21 ]

Author:

{'name': 'Joseph Dougherty', 'email': 'joseph.dougherty@mongodb.com', 'username': 'jmd-mongo'}

Message: DOCS-14079 add audit event for logout
Branch: v5.0
https://github.com/mongodb/docs/commit/669dc9b0fba8f51e679b07a0183a5a4276da6f7c

Generated at Thu Feb 08 08:09:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.