Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13699

authorization checks should always happen, even when security is disabled

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • 2.6.0
    • Internal Code, Security
    • None
    • Server Security

    Description

      Even if we aren't running with --auth, we should still have all operations run through the authorization checking code, to make us have more consistent behavior between running with and without security enabled.
      At first, if security is disabled you should be automatically granted full privileges like what the __system user has, which is equivalent to the access you currently get when authorization checking is disabled. Eventually we could make the default privileges resemble those of the "root" role rather than the __system role so that the authorization system could be used for restricting certain user actions (for example direct modifications to admin.system.users) even if they don't want to set up security on their system.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated: