Details
-
Epic
-
Resolution: Won't Do
-
Major - P3
-
None
-
None
-
None
-
Needed
Description
This project will deprecate the concept of simultaneously authenticating as multiple users on a single connection, with the intent to remove that feature in the future. To aid with deprecation, work done in this project will prevent that feature from being used in APIVersion 1.
Description of Linked Ticket
Summary
This project will deprecate the ability for clients to authenticate to MongoDB as multiple users, with the intent to remove it in the next LTS release of the product.
Motivation
Historically, administrators were expected to create distinct sets of users in different databases, and delegate management responsibilities to per-database user administrators. To support this functionality, it has been possible to authenticate as two separate users from two different databases simultaneously. Clients authenticated as two users would possess the union of privileges possessed by both users.
Clients no longer take advantage of this behaviour. For each connection they establish, compliant drivers authenticate exactly once using credentials provided in their configuration, which precludes multi-user authentication. Drivers automatically create implicit Logical Sessions which are incompatible with multi-user authentication. Attempting to use both features at the same time will result in an error.
Support for multi-user authentication complicates the server's authorization logic, and makes it harder for implementers of the server's wire protocol to understand the authorization model. We should deprecate this behaviour with the intent to remove it in an upcoming release.
Cast of Characters
- Product Owner:
- Project Lead:
- Program Manager:
- Drivers Contact: