Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-9442

Docs for SERVER-25354: users on mongos should always be able to run currentOp and killOp on their own operations

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Engineering Ticket Description:

      SERVER-17856 added support for users on mongod running currentOp and killOp against operations they themselves had started.
      From that ticket:

      Both the inprog (currentOp) and killop (killOp) roles are granted at the cluster resource level, which makes them an all-or-none condition (I believe).

      Use case:

      Give developers access to a database with restricted access (basically read-only, non-administrative authority). However because they are given the ability to execute queries, it would be nice if they had the ability to kill any process that were executed by them. Some tools, such as Aqua Data Studio, utilize the killOp command to terminate any queries executed from their query window, however this functionality only works for individuals with administrative roles.
      One solution would be to permit killOp command to be permissioned to allow a user to kill his own processes but no other.

      Perhaps even just a single new role (userKillOp?) could suffice.

      Though harder to achieve, this functionality should work on mongos as well.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              steve.renaker Steve Renaker (Inactive)
              Reporter:
              emily.hall Emily Hall
              Participants:
              Last commenter:
              Kay Kim Kay Kim (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since reply:
                3 years, 46 weeks, 5 days ago
                Date of 1st Reply: