Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10228

Deprecate GodScope/God Mode

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Internal Code
    • Query Execution

      The existence of "God mode"complicates the mongod security story.

      Internal worker threads not acting directly on behalf of clients can use the following code to grant their client object full privileges.

      cc()->getAuthorizationSession()->grantInternalAuthorization(
        UserName("threadName", "local"));

      The other uses are the main() thread during startup and the authorization session code for looking up and manipulating user documents as part of user management commands. The main thread can use internal authorization, so that just leaves the user management code.

            Assignee:
            backlog-query-execution [DO NOT USE] Backlog - Query Execution
            Reporter:
            schwerin@mongodb.com Andy Schwerin
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated: