-
Type: Improvement
-
Resolution: Done
-
Priority: Minor - P4
-
Affects Version/s: None
-
Component/s: manual
-
Labels:None
the paragraph in this section currently reads:
"Provides the ability to create and modify roles and users on the current database. This role also indirectly provides superuser access to either the database or, if scoped to the admin database, the cluster. The userAdmin role allows users to grant any user any privilege, including themselves."
The second and third sentences are essentially a security warning. The warning is, if you grant a user the userAdmin role, they can increase their privileges.
But these sentences can be misinterpreted as a statement that granting the userAdmin role is a kind of superuser access. It's easy to miss the implication of the word "indirectly".
Thus, we propose replacing that paragraph with the following:
"Provides the ability to create and modify roles and users on the current database.
It is important to understand the security implications of granting the userAdmin role to a user on a database. That user can modify themselves, granting themselves any other role or privilege on that database. That user can also create new users with any role or privilege on that database.
Granting the userAdmin role to a user on the admin database has further security implications. That user can modify themselves, granting themselves the userAdminAnyDatabase role, and then create or modify any user with any role or privilege on any database."