Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-22237

Built-in role that allows full control over data, but not security or topology

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.4, 3.3.2
    • Component/s: Security
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Backport Completed:
    • Sprint:
      Security F (01/29/16), Security 10 (02/19/16)
    • Linked BF Score:
      0

      Description

      This is a request for a new built-in role that includes the following:

      • Ability to read and write data to any database (excluding ability to directly modify system.users, system.roles). i.e. readWriteAnyDatabase
      • Ability to enable sharding on a database and ability to shard collections.

      ... but excludes the following:

      • Ability to create, edit, delete users
      • Ability to add/remove shard
      • Ability to modify the replica set configuration (including add/remove member, change priorities, etc.)

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: