[SERVER-52860] Split Namespace used for Authorization Actions and Audit Events Created: 13/Nov/20  Updated: 29/Oct/23  Resolved: 03/Dec/20

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 4.9.0

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Shreyas Kalyan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Security 2020-11-30, Security 2020-12-14
Participants:

 Description   

Currently, all audit event types are valid authorization ActionTypes. This means that audit event types can be granted as meaningless authorization rights. We should create a second set of ActionTypes for use with auditing, which contains all existing ActionTypes used for auditing purposes. All new event types shall be added exclusively to the new set. Existing audit event types in the authorization set shall not be removed, for backwards compatibility, but shall be marked as deprecated.



 Comments   
Comment by Githook User [ 03/Dec/20 ]

Author:

{'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@10gen.com', 'username': 'shreyaskalyan'}

Message: SERVER-52860 Split Namespace used for Authorization Actions and Audit Events
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/9d96de211775a5ac5d75fa2407ef9e5bfcf0b483

Generated at Thu Feb 08 05:29:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.