Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-22951

Using regexp patterns for resource scope in user-defined roles

    XMLWordPrintableJSON

Details

    • Icon: New Feature New Feature
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Security
    • Server Security

    Description

      Resource document within Collection-Level Access Control currently supports the following.
      1. Explicit values :

      inventory collection in products database

       
      { db: "products", collection: "inventory" }
      
      

      2. Empty strings that includes the entire scope :

      all collections in products database

       
      { db: "products", collection: "" }
      
      

      Request is to have a pattern matching on either db or collection fileds, this way permissions can be granted based on the matching pattern rather then explicit literals.

      3. regexp example

      Collections starting with "inve" in products database

       
      { db: "products", collection: "^inve*" }
      
      

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            pavel.duchovny@mongodb.com Pavel Duchovny
            Votes:
            10 Vote for this issue
            Watchers:
            29 Start watching this issue

            Dates

              Created:
              Updated: