[SERVER-25994] Allow applyOps to validate authorization permissions at the operation level - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.2.11, 3.4.0-rc0
Component/s: Replication, Security
Labels:
- code-and-test

Backwards Compatibility:
Minor Change
Backport Completed:

3.2.11
Sprint:
Platforms 2016-09-19, Platforms 2016-10-10
Case:

Description

Currently, applyOps requires that the authenticated user has the ability to perform any operation on the system. However, applying an individual op may not require such extensive privileges. If the authenticated user has the ability to perform some operations, like inserting documents to a particular collection, they should be able to perform the same actions use applyOps.

Attachments

Issue Links

duplicates

SERVER-19191 "restore" role does not have applyOps permissions on servers using a keyFile

Closed

is documented by

DOCS-9467 Docs for SERVER-25994: Allow applyOps to validate authorization permissions at the operation level

Closed

is related to

SERVER-19768 Failed applyOps command does not create an oplog entry even with some successful writes

Closed

related to

SERVER-53674 Do not run applyOps commands in the fuzzer

Closed

SERVER-36263 Bypassing operation validation in applyOps should require special privilege

Closed

Activity

People

Assignee:: Spencer Jackson

Reporter:: Spencer Jackson

Participants:: Githook User, Spencer Jackson

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: Sep 07 2016 02:21:17 PM UTC

Updated:: Aug 04 2021 08:06:42 PM UTC

Resolved:: Sep 30 2016 05:46:36 PM UTC