[SERVER-11386] authCheck documentation should reflect reality Created: 25/Oct/13  Updated: 11/Jul/16  Resolved: 25/Oct/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Bug Priority: Major - P3
Reporter: bard.bloom@10gen.com Assignee: Matt Dannenberg
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-11380 authCheck action gives wrong or no au... Closed
Operating System: ALL
Participants:

 Description   

The authCheck docs say "Client tried to perform the given operation, and was allowed/denied. Happens before any actions of the command, for purposes of the auditing guarantee. (only access denied for 2.6?)"

Discussions with live engineers suggests that, indeed, only denied operations should be audit-logged. (Audit-logging every successful operation would amount to logging every database access of any kind, which would be prohibitive.)

The code does this: denied operations are audit-logged, allowed ones are not.

The documentation should reflect this decision with confidence and pride.



 Comments   
Comment by Matt Dannenberg [ 25/Oct/13 ]

(only access denied will be present for MongoDB Enterprise 2.6) replaced the (only access denied for 2.6?) in the wiki/docs

Generated at Thu Feb 08 03:25:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.