Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-25804

The listCollections command does not take the user's permissions into account

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Duplicate
    • Icon: Minor - P4 Minor - P4
    • None
    • None
    • Security
    • None

    Description

      Some use cases have a need for "views" per user, and need to be able to grant access only to certain collections in a single database. This can be achieved easily using user-defined roles, with the correct permissions.

      However, when configuring roles this way, users can still use the listCollections command, and list collections that they cannot read from.

      Attachments

        Activity

          People

            sara.golemon@mongodb.com Sara Golemon
            charles.sarrazin@mongodb.com Charles Sarrazin (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            16 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: