Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-25804

The listCollections command does not take the user's permissions into account

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      Some use cases have a need for "views" per user, and need to be able to grant access only to certain collections in a single database. This can be achieved easily using user-defined roles, with the correct permissions.

      However, when configuring roles this way, users can still use the listCollections command, and list collections that they cannot read from.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              sara.golemon Sara Golemon
              Reporter:
              charles.sarrazin Charles Sarrazin (Inactive)
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: