[SERVER-22237] Built-in role that allows full control over data, but not security or topology - MongoDB

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.2.4, 3.3.2
Component/s: Security
Labels:
- code-and-test

Backwards Compatibility:
Fully Compatible
Backport Completed:

3.2.4
Sprint:
Security F (01/29/16), Security 10 (02/19/16)
Linked BF Score:
0

Description

This is a request for a new built-in role that includes the following:

Ability to read and write data to any database (excluding ability to directly modify system.users, system.roles). i.e. readWriteAnyDatabase
Ability to enable sharding on a database and ability to shard collections.

... but excludes the following:

Ability to create, edit, delete users
Ability to add/remove shard
Ability to modify the replica set configuration (including add/remove member, change priorities, etc.)

Attachments

Activity

People

Assignee:

Andreas Nilsson

Reporter:

Cailin Nelson

Participants:

Andreas Nilsson, Cailin Nelson, Githook User

Votes:

0 Vote for this issue

Watchers:

6 Start watching this issue

Dates

Created:

Jan 20 2016 04:09:20 AM UTC

Updated:

Nov 22 2016 06:37:29 PM UTC

Resolved:

Feb 03 2016 08:20:49 PM UTC