Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-25804

The listCollections command does not take the user's permissions into account

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Minor - P4
    • Resolution: Duplicate
    • None
    • None
    • Security
    • None

    Description

      Some use cases have a need for "views" per user, and need to be able to grant access only to certain collections in a single database. This can be achieved easily using user-defined roles, with the correct permissions.

      However, when configuring roles this way, users can still use the listCollections command, and list collections that they cannot read from.

      Attachments

        Issue Links

          Activity

            People

              sara.golemon@mongodb.com Sara Golemon
              charles.sarrazin@mongodb.com Charles Sarrazin (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: