[SERVER-64335] Impersonate transport session when auditing createIndex Created: 08/Mar/22 Updated: 11/Jan/24 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Assigned Teams: |
Server Security
|
||||
| Sprint: | Security 2022-05-16, Security 2022-05-30, Security 2022-07-11, Security 2023-01-09, Security 2023-01-23, Security 2023-02-06, Security 2023-02-20, Security 2023-03-06, Security 2023-03-20, Security 2023-04-17, Security 2023-05-15, Security 2023-05-29, Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24, Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18 | ||||
| Participants: | |||||
| Description |
|
Index creation happens outside of a client thread. That means the index builder thread needs to impersonate the client which started the job, so that audit events include the correct user and role names. However, we do not impersonate transport session information, so local and remote IP addresses are not available. We should impersonate the transport session. |