[SERVER-52860] Split Namespace used for Authorization Actions and Audit Events Created: 13/Nov/20 Updated: 29/Oct/23 Resolved: 03/Dec/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code |
| Affects Version/s: | None |
| Fix Version/s: | 4.9.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Shreyas Kalyan |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Security 2020-11-30, Security 2020-12-14 |
| Participants: |
| Description |
|
Currently, all audit event types are valid authorization ActionTypes. This means that audit event types can be granted as meaningless authorization rights. We should create a second set of ActionTypes for use with auditing, which contains all existing ActionTypes used for auditing purposes. All new event types shall be added exclusively to the new set. Existing audit event types in the authorization set shall not be removed, for backwards compatibility, but shall be marked as deprecated. |
| Comments |
| Comment by Githook User [ 03/Dec/20 ] |
|
Author: {'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@10gen.com', 'username': 'shreyaskalyan'}Message: |