Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-15228

[Server] Investigate changes in SERVER-65088: Create a privilegeless role called 'directShardOperations'

    XMLWordPrintableJSON

Details

    Description

      Original Downstream Change Summary

      The server now has a new built-in role, `directShardOperations`. In 6.0, assigning this role to a user is a no-op and gives it no privileges. In post-6.0 releases, auth-enabled clusters will begin restricting direct operations on shards to authenticated users that have the `directShardOperations` role.

      Description of Linked Ticket

      We want to create this "placeholder" role in 6.0.0 that servers no purpose so that 7.0.0 binaries can start blocking direct shard operations (rather than going through a mongos) without having to gate on FCV. Atlas and OM will assign this role to their agents in 6.0 to make the 7.0 transition seamless. In 7.0 the role will start giving users privileges to write directly to shards.

      Attachments

        Activity

          People

            Unassigned Unassigned
            backlog-server-pm Backlog - Core Eng Program Management Team
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              1 year, 43 weeks, 1 day ago