IBM Support

IBM Security Guardium: The only object associated with the MongoDB command db.grantRolesToUser is the user and the collection is not logged.

Question & Answer


Question

If I execute the command db.grantRolesToUser on a MongoDB collection, the only object associated with that command is the user. The collection that the role was granted on is not logged in the Guardium report as an object. For example:

db.grantRolesToUser( "testUser", ["readWrite", {role: "read", db: "Collection1"}] )

Using the above example, the verb logged is "grantRolesToUser" and the object stored in the Guardium report is the user name "testUser". Is this expected behaviour, and why does this behaviour not match other databases?

Answer

Yes, this is expected behaviour. This is how the interaction between the MongoDB database and the Guardium Appliance was designed.

Each database processes information using its own logic; therefore, the information generated cannot be expected to contain the same details.
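
Because the report object carries only the user name, a reviewer who has the raw statement text from some other audit source can recover which role was granted on which database. The sketch below is an added example, not IBM or Guardium code; the function name, the currentDb parameter and the sample values are assumptions made for illustration.

```javascript
// Added example: recover the (role, db) pairs that the report's object field omits.
// Assumption: the raw statement text is available from some audit source.

// Parse one db.grantRolesToUser(...) statement written in mongo shell syntax.
// currentDb is the database the command ran against; a bare string role such
// as "readWrite" applies to that database.
function parseGrantRolesToUser(statement, currentDb) {
  const m = /db\.grantRolesToUser\(\s*["']([^"']+)["']\s*,\s*(\[[\s\S]*?\])/.exec(statement);
  if (!m) return null; // not a grantRolesToUser call, or the roles array is truncated
  const user = m[1];
  // Shell syntax allows unquoted keys and single quotes; normalise to JSON.
  const json = m[2]
    .replace(/'/g, '"')
    .replace(/([{,]\s*)([A-Za-z_]\w*)\s*:/g, '$1"$2":');
  let roles;
  try {
    roles = JSON.parse(json);
  } catch (e) {
    return null; // leave unparseable statements for manual review
  }
  const grants = roles.map((r) =>
    typeof r === "string"
      ? { role: r, db: currentDb }
      : { role: r.role, db: r.db }
  );
  return { verb: "grantRolesToUser", user, grants };
}

// Constructed sample: the command from the question, with its brackets closed.
const sample =
  'db.grantRolesToUser( "testUser", ["readWrite", {role: "read",db:"Collection1"}] )';
// "admin" is a constructed value for the database the command ran against.
const parsed = parseGrantRolesToUser(sample, "admin");
console.log(JSON.stringify(parsed, null, 2));
```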

Product: IBM Security Guardium
Component: Guardium Appliances
Platform: Linux
Version: 10.1; 10.1.2; 10.1.3; 10.1.4; 10.5
Edition: All Editions

Document Information

Modified date:
22 June 2018

UID

swg22016837