Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11854

Make getParameter command require different privileges depending on which parameter is being asked for

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: 2.5.4
    • Fix Version/s: Backlog
    • Component/s: Security
    • Labels:
    • Backwards Compatibility:
      Minor Change

      Description

      Right now getParameter always requires the same privileges (granted via the clusterMonitor built-in role) no matter what the parameter being asked for is. But different parameters may have different levels of sensitivity. For example, it'd be nice if the userAdminAnyDatabase role could run

      {getParameter:1, authSchemaVersion: 1}

      .

        Attachments

          Activity

            People

            Assignee:
            backlog-server-security Backlog - Security Team
            Reporter:
            spencer Spencer Brody
            Participants:
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated: