Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10228

Deprecate GodScope/God Mode

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Internal Code
    • Query Execution

    Description

      The existence of "God mode"complicates the mongod security story.

      Internal worker threads not acting directly on behalf of clients can use the following code to grant their client object full privileges.

      cc()->getAuthorizationSession()->grantInternalAuthorization(
              UserName("threadName", "local"));
      

      The other uses are the main() thread during startup and the authorization session code for looking up and manipulating user documents as part of user management commands. The main thread can use internal authorization, so that just leaves the user management code.

      Attachments

        Activity

          People

            backlog-query-execution Backlog - Query Execution
            schwerin@mongodb.com Andy Schwerin
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

              Created:
              Updated: