Details
-
Bug
-
Resolution: Done
-
Major - P3
-
None
-
None
-
None
-
None
Description
On the security practices page we dont mention that read only users cannot access the system.users collection for a given DB. We mention explicitly that readOnly users have read access to all collections in a db.
http://docs.mongodb.org/manual/administration/security/#security-authentication
We document it here. http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity