Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17513

Ability to define a global role that can be used in database context

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Major - P3
    • Resolution: Unresolved
    • None
    • Security
    • None

    Description

      The user should be able to define / create a global role that can be used in context of the users database. This would provide ability to create a globally shared role similar to built-in roles like readWrite, userAdmin etc.

      • createRole "myReadWrite" (say under admin database) that specifies fine grained resource privileges without the database name (db = "").
      • Ability to grant "myReadWrite" to a user under "testA" database, such that the myReadWrite privileges apply to the user in the context of the "testA" database only.

      This would be analogous to how role management is done in most of the systems that provide this kind of control.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            anil.kumar Anil Kumar
            Votes:
            2 Vote for this issue
            Watchers:
            13 Start watching this issue

            Dates

              Created:
              Updated: