Audit plugin does not exclude users which are definer for events if audit_log_include|exclude_accounts used
Environment
None
AFFECTED CS IDs
247407
Attachments
1
Activity

Julia Vural March 4, 2025 at 9:03 PM
It appears that this issue is no longer being worked on, so we are closing it for housekeeping purposes. If you believe the issue still exists, please open a new ticket after confirming it's present in the latest release.

Sergei Glushchenko February 26, 2019 at 2:56 PM
I wonder why the command_class is 'create_procedure'. But if it is the same for any kind of triggered event, then we could additionally check user filters for 'create_procedure' events.

Sveta Smirnova February 26, 2019 at 2:34 PM
It is possible to filter these events by command_class, but in this case it will filter all the events.

Sergei Glushchenko February 26, 2019 at 2:29 PM (Edited)
What does the log record itself look like? Does it include the correct user?

Sveta Smirnova February 26, 2019 at 1:39 PM
Test case for MTR attached.
Actual output:
0
0
3
5
5
7
Expected output:
0
0
1
3
1
3
Won't Do
Details
Assignee
Unassigned
Created February 26, 2019 at 12:19 PM
Updated March 4, 2025 at 9:03 PM
Resolved March 4, 2025 at 9:03 PM
User manual at https://www.percona.com/doc/percona-server/LATEST/management/audit_log_plugin.html#filtering-by-user says:
> The filtering by user feature adds two new global variables: audit_log_include_accounts and audit_log_exclude_accounts to specify which user accounts should be included or excluded from audit logging

> Changes of audit_log_include_accounts and audit_log_exclude_accounts do not apply to existing server connections.

However, the user manual does not say that filtering applies only to user connections and does not apply to definers of events.
How to Repeat:
There are two methods to repeat.
1. Read the code
Notice that audit_log_check_account_included and audit_log_check_account_excluded are checked for MYSQL_AUDIT_CONNECTION_CLASS.
Then grep if they are checked for:
2. Run attached test case
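One way to check an existing audit log for the behaviour reported here, as an added example that is not part of the ticket or its attached test case: it scans JSON-format audit records and reports those written for accounts listed in audit_log_exclude_accounts, grouped by command_class. It assumes audit_log_format=JSON, exact user@host matching, and a "user" field laid out as name[priv_name] @ host [ip]; the accounts ev_owner and app and all sample records are constructed.

```python
import json
import re
from collections import Counter

# Assumed layout of the "user" field in Query records: "name[priv_name] @ host [ip]".
USER_RE = re.compile(r"^[^\[]*\[(?P<priv>[^\]]*)\] @ (?P<host>\S*) \[[^\]]*\]$")

def parse_accounts(value):
    """Split an include/exclude accounts value ('u1@h1,u2@h2') into (user, host) pairs."""
    pairs = set()
    for item in value.replace("'", "").split(","):
        user, _, host = item.strip().rpartition("@")
        if host:
            pairs.add((user, host))
    return pairs

def leaked_records(lines, exclude_accounts):
    """Return logged records whose account is on the exclude list."""
    excluded = parse_accounts(exclude_accounts)
    leaked = []
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line).get("audit_record", {})
        m = USER_RE.match(rec.get("user", ""))
        if m:
            account = (m.group("priv"), m.group("host"))
        else:  # Connect-style record: bare user name, separate priv_user/host fields
            account = (rec.get("priv_user", rec.get("user", "")), rec.get("host", ""))
        if account in excluded:
            leaked.append(rec)
    return leaked

def summarize(leaked):
    """Count leaked records per command_class."""
    return Counter(rec.get("command_class", "") for rec in leaked)

def _rec(name, user, **extra):
    return json.dumps({"audit_record": {"name": name, "user": user, **extra}})

# Constructed sample records; ev_owner and app are hypothetical accounts.
SAMPLE_LOG = [
    _rec("Connect", "app", priv_user="app", host="localhost"),
    _rec("Query", "app[app] @ localhost []", command_class="select"),
    _rec("Query", "ev_owner[ev_owner] @ localhost []", command_class="create_procedure"),
    _rec("Query", "ev_owner[ev_owner] @ localhost []", command_class="create_procedure"),
]

if __name__ == "__main__":
    print(summarize(leaked_records(SAMPLE_LOG, "ev_owner@localhost")))
```

A non-empty result for an excluded account means the filter did not cover every event class for it, which is the condition this ticket describes.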