Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4766

Audit: resetting include list by setting exclude list and vice versa is user-unfriendly

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      The current implementation description (https://kb.askmonty.org/en/server_audit-plugin/) says:

      server_audit_incl_dml_users:
      ... When it's set, the server_audit_excl_dml_users will be emptied as they can't be specified simultaneously. ...

      The same goes for all 4 of include/exclude variables, and it indeed works this way.

      Please reconsider this.

      Imagine that an admin created a long list of users to audit (hand-picking them manually, maybe over the time), then realized that one or two are not needed, and decided (logically) to add them to the list of excluded users, thinking it would work. Instead, the whole precious long list got wiped off.

      Ideally, both lists should work simultaneously. The logic doesn't seem complicated:

      incl='', excl='' - all users are logged;
      incl='', excl='foo, bar' - all users except for foo and bar are logged;
      incl='foo, bar', excl='' - only foo and bar are logged;
      incl='foo, bar', excl='bar, foobar' - only foo is logged;

      But if on some reason it's impossible or undesirable, and incl/excl lists cannot work simultaneously, throw an error on an attempt to populate one when another is not empty. Make the user to set the old list to an empty value manually – it's just one statement (and it should not happen often, so not a huge burden), but it will prevent human errors.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              holyfoot Alexey Botchkov
              Reporter:
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: