-
Type: New Feature
-
Resolution: Unresolved
-
Priority: Minor - P4
-
Affects Version/s: None
-
Component/s: Security
-
Labels:None
-
Server Security
-
(copied to CRM)
Allow for custom mappings to be defined between Kerberos accounts and mongodb users.
The idea here being that the mongodb account names do not precisely match up with the kerberos account username and the kerberos account has the possibility to log in to any account out of the subset it is mapped to.
The reason this feature would be useful is for limiting the permissions/privileges a user runs with that user being able to temporarily elevate privileges during emergencies. The key here is to have all of these actions be audited appropriately.