Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12141

Docs for SERVER-37551: Add {authorizedDatabases:bool} param to {listDatabases} command.

    XMLWordPrintableJSON

Details

    Description

      Description

      Description:

      This change introduces a new optional boolean argument to the

      {listDatabases:1}

      command called "authorizedDatabases".

      The value of the argument must be either true or false if present.

      If present and true, then only those databases which the user has the `find` privilege on will be returned, even if they have the `listDatabases` privilege which would otherwise grant permissions to enumate all databases.

      If present and false, the all databases will be included, but ONLY if the user also has the listDatabases privilege. If they do not possess this privilege, but ask for all databases anyway (by passing false), then an Unauthorized error will be returned.

      If the new param is not present, the command behaves as it currently does, returning all databases for users with the `listDatabases` privilege, and only those databases which the user has `find` privileges on for all others.

      Scope of changes

      • listDatabases command
      • built-in roles + auth actions privileges
      • Although we have some scripts that use listDatabases, for now, will not call out since we use the default. Although, may, want to blurb to check privileges in those spots.

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

      Attachments

        Activity

          People

            kay.kim@mongodb.com Kay Kim (Inactive)
            kay.kim@mongodb.com Kay Kim (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              5 years, 7 weeks, 6 days ago