[SERVER-12551] Audit DML/CRUD operations Created: 30/Jan/14 Updated: 27/Oct/15 Resolved: 12/Sep/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Logging, Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.6.5, 2.7.7 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Rob Young (Inactive) | Assignee: | Amalia Hawkins |
| Resolution: | Done | Votes: | 2 |
| Labels: | Auditing | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Backport Completed: | |||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Description |
|
For auditing and regulatory compliance most organizations require that all user-based Data Manipulation Language ("DML") and/or Create, Read, Update and Delete ("CRUD") operations performed against production databases be logged. This request extends the MongoDB auditing framework, introduced in version 2.6, to include logging of all user queries and DML/CRUD operations including:
Requirements for logging of these operations include: With this enhancement, we should also extend the current auditing functionality to provide high-level configuration options that allow users to set the “verbosity” of audit logging for a given server. Options to include:
|
| Comments |
| Comment by Jonathan Abrahams [ 03/Oct/14 ] |
|
DML - Data Manipulation Language |
| Comment by Githook User [ 12/Sep/14 ] |
|
Author: {u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}Message: |
| Comment by Amalia Hawkins [ 12/Sep/14 ] |
|
Documentation changes are needed to extensively document this new feature. The parameter in question is auditAuthorizationSuccess and is set using setParameter. It defaults to off. |
| Comment by Githook User [ 12/Sep/14 ] |
|
Author: {u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}Message: |
| Comment by Githook User [ 27/Feb/14 ] |
|
Author: {u'username': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}Message: |