- Type: Task
- Resolution: Duplicate
- Priority: Major - P3
- Affects Version/s: 2.5.2
- Component/s: Security
- Minor Change

The old form of addUser didn't take any role names as input; it just took a read-only boolean. There were basically 4 kinds of users it could make, based on the value of readOnly and whether or not the command was run on the admin DB. We need to figure out what the right roles to grant users are in each of those 4 cases.
Proposed plan:
- DB-level read-only gets the "read" role.
- DB-level read-write gets the new "dbOwner" role, which is the equivalent of readWrite + dbAdmin + userAdmin on that database.
- admin read-only gets the "readAnyDatabase" role.
- admin read-write gets a still-to-be-named "superuser" role.

- duplicates
  - SERVER-10794 For compatibility with old versions of the shell, db.addUser("user", "password") should create a super-user. (Closed)
- is depended on by
  - JAVA-909 Update user manipulation helpers to use new manipulation commands provided by the server. (Closed)