Make getParameter command require different privileges depending on which parameter is being asked for

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: 2.5.4
    • Component/s: Security
    • Server Security
    • Minor Change
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Right now getParameter always requires the same privileges (granted via the clusterMonitor built-in role) no matter what the parameter being asked for is. But different parameters may have different levels of sensitivity. For example, it'd be nice if the userAdminAnyDatabase role could run

      {getParameter:1, authSchemaVersion: 1}

      .

            Assignee:
            [DO NOT USE] Backlog - Security Team
            Reporter:
            Spencer Brody (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: