Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 2.5.4
Component/s: Security, Usability
Labels:
- 26qa
- platforms-re-triaged

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

For UDR, add validation code to make sure that its not possible to grant incorrect, meaningless privileges. Some examples of such privileges are:

Cluster membership management (addShard, replSetReconfig, etc) on anything but the clusterResource.
CRUD (find, insert, update, remove) on cluster resource

More specifically for all action types map which ones should be grantable to which type of the five basic resource types in UDR.

For reference, the 5 types of grantable resource patterns are:

A specific namespace (<dbname>.<collectionName>)
All collections in a given database (excluding system collections)
A given collection name in all databases
All collections in all databases (excluding system collections)
The cluster resource.

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Andreas Nilsson (Inactive)
Participants:: [DO NOT USE] Backlog - Security Team, Andreas Nilsson
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Nov 18 2013 10:10:19 PM UTC
Updated:: Dec 06 2022 05:14:44 AM UTC