Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-23457

CREATE / DROP PROCEDURE not logged with audit plugin

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Confirmed (View Workflow)
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 10.5.4
    • Fix Version/s: 10.5
    • Component/s: Plugin - Audit
    • Labels:
      None

      Description

      The commands

      DELIMITER //
       
      CREATE PROCEDURE simpleproc (OUT param1 INT)
       BEGIN
        SELECT COUNT(*) INTO param1 FROM t;
       END;
      //
       
      DELIMITER ;
       
      DROP PROCEDURE simpleproc ;
      

      will not be logged with

      set global server_audit_events = "CONNECT,QUERY_DDL,QUERY_DCL";

      also not with QUERY_DML

      set global server_audit_events = "CONNECT,QUERY_DDL,QUERY_DCL,QUERY_DML";

      with adding QUERY it works.

      set global server_audit_events = "CONNECT,QUERY_DDL,QUERY_DCL,QUERY_DML,QUERY";

      In the KB CREATE / DROP PROCEDURE will not classified as DDL.

      —except CREATE/DROP [PROCEDURE / FUNCTION / USER] and RENAME USER (they're not DDL)
      

      [https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/|
      https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/]

      Even if this would be true, it should be logged with adding QUERY_DML at least,
      but SQL standard classify it also as DDL.

      https://www.w3schools.in/mysql/ddl-dml-dcl/#DDL

      In MariaDB and SQL standard DROP / CREATE Procedures is classified as DDL.

        Attachments

          Activity

            People

            Assignee:
            holyfoot Alexey Botchkov
            Reporter:
            Richard Richard Stracke
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated: