Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-22951

Using regexp patterns for resource scope in user-defined roles

    XMLWordPrintable

Details

    • New Feature
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • None
    • None
    • Security

    Description

      Resource document within Collection-Level Access Control currently supports the following.
      1. Explicit values :

      inventory collection in products database

       
      { db: "products", collection: "inventory" }
      
      

      2. Empty strings that includes the entire scope :

      all collections in products database

       
      { db: "products", collection: "" }
      
      

      Request is to have a pattern matching on either db or collection fileds, this way permissions can be granted based on the matching pattern rather then explicit literals.

      3. regexp example

      Collections starting with "inve" in products database

       
      { db: "products", collection: "^inve*" }
      
      

      Attachments

        Issue Links

          Activity

            People

              backlog-server-security Backlog - Security Team
              pavel.duchovny@mongodb.com Pavel Duchovny
              Votes:
              10 Vote for this issue
              Watchers:
              26 Start watching this issue

              Dates

                Created:
                Updated: