[SERVER-54260] Ensure that DDL operations are only audited on Primaries Created: 03/Feb/21  Updated: 29/Oct/23  Resolved: 02/Mar/21

Status: Closed
Project: Core Server
Component/s: Admin, Security, Storage
Affects Version/s: None
Fix Version/s: 4.9.0

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Varun Ravichandran
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Documented
is documented by DOCS-14187 Investigate changes in SERVER-54260: ... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2021-02-22, Security 2021-03-08
Participants:

 Description   

DDL operations are currently audited on primaries and secondaries. Unfortunately, the audit hooks for these operations are buried in the execution machinery which is invoked during parallel batch application. This means that synchronous file writes, to the log file, are performed in the critical path of oplog application, potentially impairing the node's ability to keep up with its primary.

We should prevent secondaries from emitting DDL audit events for replicated changes.

 

Note that we must still record DDL events for local, non-replicated changes. These are DDL operations on the local database, and any collection named system.profile.



 Comments   
Comment by Githook User [ 01/Mar/21 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-54260: Ensure that DDL operations are only audited on primaries
Branch: master
https://github.com/mongodb/mongo/commit/acb4532656672f4aa260f3ca046715f756886d99

Comment by Githook User [ 01/Mar/21 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-54260: Ensure that DDL operations are only audited on primaries
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/1911bf178d91d289430b7cc4408b17fd3684603a

Generated at Thu Feb 08 05:33:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.