Documentation Request Summary:

Description

Previously, the listDatabases command would fail "Unauthorized" for any user who does not have the listDatabases privilege.

With this change, all users will get some kind of positive result, however if this may be a partial or even empty set depending on the user's read permissions.

Scope of Changes

https://docs.mongodb.com/manual/reference/command/listDatabases/index.html
https://docs.mongodb.com/manual/reference/command/index.html (possibly)
Talk to an SME about the impact of this on listCollections: https://docs.mongodb.com/manual/reference/command/listCollections/index.html
This page might need specific updates for any mention of listDatabases and should probably have a general statement about the ability for any authenticated user to list databases. https://docs.mongodb.com/manual/core/security-built-in-roles/
Review (there is mention of inherited priviledges, etc. Also, this is where admins will go to enable listDatabases access): https://docs.mongodb.com/manual/tutorial/manage-users-and-roles/

Other Docs Affected

Review Compass docs for further scoping
Review Atlas docs for further scoping
Review BI Connector, since BI is one motivator for this project.
- https://docs.mongodb.com/bi-connector/current/reference/mongosqld/index.html
- https://docs.mongodb.com/bi-connector/current/schema-configuration/index.html

Engineering Ticket Description:

EDITED Mar 5 2015
Updating ticket according to discussion in the comments.

Make listDatabases command available to all authenticated users
return the databases a user has read/write access to
A user in possession of the listDatabases action type should as today be able to list all databases

======================
When running in authentication mode, show dbs will only work for a user authenticated on the admin database. However, it makes sense to list all of the available databases to anyone and request the authentication upon db selection.

This is currently not possible. The user needs to either know the DB name to connect to upfront, or connect as admin for show dbs to work. 3drepo.org has a use case for this.

This is related to:
~~SERVER-4823~~
~~SERVER-3181~~
(a list of names without info will be sufficient, as requested previously, although, in such a case the drivers would need to support querying for that)

MySQL and others will happily list dbs to any user.

Attachments

Issue Links

documents

SERVER-6898 Allow all authenticated users to run listDatabases

Closed

Activity

People

Assignee:: Jeffrey Allen

Reporter:: Kay Kim (Inactive)

Participants:: Githook User, Jeffrey Allen, Kay Kim

Last commenter:: Jess Mokrzecki

Docs Reviewer:: Nicholas Larew

External Reviewer:: Sara Golemon

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: Dec 08 2017 12:39:53 AM UTC

Updated:: Jun 04 2018 04:51:12 PM UTC

Resolved:: Jun 04 2018 04:43:39 PM UTC

Days since reply:: 5 years, 1 week, 3 days ago

Date of 1st Reply:: 24/May/18 4:30 PM