[SERVER-64335] Impersonate transport session when auditing createIndex Created: 08/Mar/22  Updated: 11/Jan/24

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Server Security
Sprint: Security 2022-05-16, Security 2022-05-30, Security 2022-07-11, Security 2023-01-09, Security 2023-01-23, Security 2023-02-06, Security 2023-02-20, Security 2023-03-06, Security 2023-03-20, Security 2023-04-17, Security 2023-05-15, Security 2023-05-29, Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24, Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18
Participants:

 Description   

Index creation happens outside of a client thread. That means the index builder thread needs to impersonate the client which started the job, so that audit events include the correct user and role names. However, we do not impersonate transport session information, so local and remote IP addresses are not available. We should impersonate the transport session.


Generated at Thu Feb 08 06:00:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.