Details
- Improvement
- Resolution: Unresolved
- Major - P3
- None
- 2.5.4
- Server Security
- Fully Compatible
Description
For UDR, add validation code to make sure that it's not possible to grant incorrect, meaningless privileges. Some examples of such privileges are:
- Cluster membership management (addShard, replSetReconfig, etc.) on anything but the cluster resource.
- CRUD (find, insert, update, remove) on the cluster resource.
More specifically, for all action types, map which ones should be grantable on which of the five basic resource types in UDR.
For reference, the 5 types of grantable resource patterns are:
- A specific namespace (<dbname>.<collectionName>)
- All collections in a given database (excluding system collections)
- A given collection name in all databases
- All collections in all databases (excluding system collections)
- The cluster resource.
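A sketch of the validation described above, as an added example that is not MongoDB's own code. It assumes privilege documents of the form `{resource: {db, collection}, actions: [...]}` or `{resource: {cluster: true}, actions: [...]}`; the type names and the action-to-resource mapping are hypothetical and cover only the actions named in this ticket.

```javascript
// Added example: classify a privilege's resource document into one of the five
// pattern types listed in the ticket, then reject any action that is not
// grantable on that type. Type names below are hypothetical labels.
const CLUSTER = "cluster", EXACT_NS = "exactNamespace", DB = "database",
      COLL_ANY_DB = "collectionInAnyDatabase", ANY_NORMAL = "anyNormalResource";

// Assumed mapping, derived from the ticket's two examples only:
// cluster membership actions belong on the cluster resource, CRUD does not.
const NS_TYPES = [EXACT_NS, DB, COLL_ANY_DB, ANY_NORMAL];
const GRANTABLE_ON = {
  addShard: [CLUSTER], replSetReconfig: [CLUSTER],
  find: NS_TYPES, insert: NS_TYPES, update: NS_TYPES, remove: NS_TYPES,
};

function classifyResource(resource) {
  if (resource === null || typeof resource !== "object") return null;
  const keys = Object.keys(resource).sort().join(",");
  if (keys === "cluster") return resource.cluster === true ? CLUSTER : null;
  if (keys !== "collection,db") return null; // mixed or unknown fields
  const { db, collection } = resource;
  if (typeof db !== "string" || typeof collection !== "string") return null;
  if (db && collection) return EXACT_NS;   // <dbname>.<collectionName>
  if (db) return DB;                       // all collections in one database
  if (collection) return COLL_ANY_DB;      // one collection name in all databases
  return ANY_NORMAL;                       // all collections in all databases
}

// Returns a list of error strings; an empty list means the privilege is grantable.
function validatePrivilege(privilege) {
  const type = classifyResource(privilege.resource);
  if (type === null) return ["unrecognized resource pattern"];
  if (!Array.isArray(privilege.actions) || privilege.actions.length === 0)
    return ["privilege has no actions"];
  const errors = [];
  for (const action of privilege.actions) {
    const known = Object.prototype.hasOwnProperty.call(GRANTABLE_ON, action);
    if (!known) errors.push(`unknown action: ${action}`);
    else if (!GRANTABLE_ON[action].includes(type))
      errors.push(`${action} is not grantable on ${type}`);
  }
  return errors;
}
```

Unknown actions and malformed resource documents are rejected rather than ignored, so an unmapped action cannot be granted by default.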
Issue Links
- is related to: DOCS-2239 Add more details to the list of actions grantable in privileges (Closed)