[SERVER-12512] Add role-based, selective audit logging. Created: 28/Jan/14 Updated: 27/Oct/15 Resolved: 21/Jul/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Logging, Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.6.4, 2.7.4 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Rob Young (Inactive) | Assignee: | Amalia Hawkins |
| Resolution: | Done | Votes: | 0 |
| Labels: | Auditing |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Minor Change |
| Description |
|
For compliance, many organizations are required to audit/log the activity of all or selected users of specific resources. Our current auditing implementation provides a way to specify selective logging by operation type or by acting user, which are fields in the audit log message. However, there is currently no way to log the actions of all users possessing a given role. We should add the option to isolate and filter user activity logging based on which users possess a certain role. For example, I should be able to specify "audit log all actions taken by users with the userAdmin role on the admin database" or a list of roles such as "audit log all actions taken by users with the dbAdmin role on the foo database or the userAdmin role on the foo database or the readWrite role on the bar database." Note that roles are defined on a database, i.e. role foo on database bar, and the user should specify a role in this manner. We may wish to provide the user with some sort of wildcard option, i.e. role foo on all databases. |
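The selection rule requested in the description, sketched as an added example (not MongoDB's code or its configuration syntax): an audit event is logged when the acting user holds any role in a list of role-on-database selectors. The event shape (a `roles` array of `{role, db}` pairs), the `role@db` selector notation, the `*` wildcard and all function names are assumptions made for illustration.

```javascript
// Added illustration: role-based selection of audit events.
// Assumed event shape: { atype, users: [{user, db}], roles: [{role, db}] }.
// The "*" wildcard for "role on all databases" is hypothetical.
const ANY_DB = "*";

// Parse "role@db" selector strings into {role, db}; reject malformed input
// so that a typo cannot silently disable auditing for a role.
function parseSelector(text) {
  const parts = text.split("@");
  if (parts.length !== 2 || parts[0] === "" || parts[1] === "") {
    throw new Error(`invalid selector (want role@db): ${text}`);
  }
  return { role: parts[0], db: parts[1] };
}

// True if any role held by the acting user matches any selector.
// Roles are scoped to a database, so "dbAdmin on foo" and "dbAdmin on baz"
// are different roles unless the selector uses the wildcard.
function shouldAudit(event, selectors) {
  const held = Array.isArray(event.roles) ? event.roles : [];
  return held.some((r) =>
    selectors.some((s) => s.role === r.role && (s.db === ANY_DB || s.db === r.db))
  );
}

// Constructed sample events (not real audit log output).
const sampleEvents = [
  { atype: "createUser", users: [{ user: "alice", db: "admin" }],
    roles: [{ role: "userAdmin", db: "admin" }] },
  { atype: "dropCollection", users: [{ user: "bob", db: "foo" }],
    roles: [{ role: "dbAdmin", db: "foo" }] },
  { atype: "authCheck", users: [{ user: "carol", db: "bar" }],
    roles: [{ role: "read", db: "bar" }] },
  { atype: "createIndex", users: [{ user: "dave", db: "baz" }],
    roles: [{ role: "dbAdmin", db: "baz" }] },
  { atype: "authenticate", users: [] }, // no roles held: never selected
];

// Event types from the sample that the given selectors would audit.
function auditedTypes(selectorTexts) {
  const selectors = selectorTexts.map(parseSelector);
  return sampleEvents.filter((e) => shouldAudit(e, selectors)).map((e) => e.atype);
}

console.log(auditedTypes(["userAdmin@admin", "dbAdmin@foo", "readWrite@bar"]));
console.log(auditedTypes(["dbAdmin@*"]));
```

Events from users holding none of the listed roles, including events with no authenticated user, fall outside the filter, so a role-based filter on its own does not give full audit coverage.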
| Comments |
| Comment by Amalia Hawkins [ 06/Aug/14 ] |
|
Fixed. |
| Comment by Atul Kachru [ 06/Aug/14 ] |
|
Question amalia.hawkins@10gen.com: |
| Comment by Githook User [ 22/Jul/14 ] |
|
Author: Amalia Hawkins (hawka) <amalia.hawkins@10gen.com>
Message: (cherry picked from commit f2d47ee) |
| Comment by Githook User [ 22/Jul/14 ] |
|
Author: Amalia Hawkins (hawka) <amalia.hawkins@10gen.com>
Message: (cherry picked from commits 241389c and 834d8c6) |
| Comment by Githook User [ 21/Jul/14 ] |
|
Author: Amalia Hawkins (hawka) <amalia.hawkins@10gen.com>
Message: |
| Comment by Githook User [ 21/Jul/14 ] |
|
Author: Amalia Hawkins (hawka) <amalia.hawkins@10gen.com>
Message: |
| Comment by Githook User [ 21/Jul/14 ] |
|
Author: Amalia Hawkins (hawka) <amalia.hawkins@10gen.com>
Message: |
| Comment by Eric Milkie [ 16/Jul/14 ] |
|
backwards compatibility -> minor change, due to audit log format change. |