Major - P3
Documentation Request Summary:
Previously, the listDatabases command would fail "Unauthorized" for any user who does not have the listDatabases privilege.
With this change, all users will get some kind of positive result, however if this may be a partial or even empty set depending on the user's read permissions.
Scope of Changes
- https://docs.mongodb.com/manual/reference/command/index.html (possibly)
- Talk to an SME about the impact of this on listCollections: https://docs.mongodb.com/manual/reference/command/listCollections/index.html
- This page might need specific updates for any mention of listDatabases and should probably have a general statement about the ability for any authenticated user to list databases. https://docs.mongodb.com/manual/core/security-built-in-roles/
- Review (there is mention of inherited priviledges, etc. Also, this is where admins will go to enable listDatabases access): https://docs.mongodb.com/manual/tutorial/manage-users-and-roles/
Other Docs Affected
- Review Compass docs for further scoping
- Review Atlas docs for further scoping
- Review BI Connector, since BI is one motivator for this project.
Engineering Ticket Description:
EDITED Mar 5 2015
Updating ticket according to discussion in the comments.
- Make listDatabases command available to all authenticated users
- return the databases a user has read/write access to
- A user in possession of the listDatabases action type should as today be able to list all databases
When running in authentication mode, show dbs will only work for a user authenticated on the admin database. However, it makes sense to list all of the available databases to anyone and request the authentication upon db selection.
This is currently not possible. The user needs to either know the DB name to connect to upfront, or connect as admin for show dbs to work. 3drepo.org has a use case for this.
This is related to:
(a list of names without info will be sufficient, as requested previously, although, in such a case the drivers would need to support querying for that)
MySQL and others will happily list dbs to any user.
SERVER-6898 Allow all authenticated users to run listDatabases