Details
-
Improvement
-
Status: Closed
-
Major - P3
-
Resolution: Done
-
None
-
Minor Change
-
Platforms 2016-09-19, Platforms 2016-10-10
-
(copied to CRM)
Description
Currently, applyOps requires that the authenticated user has the ability to perform any operation on the system. However, applying an individual op may not require such extensive privileges. If the authenticated user has the ability to perform some operations, like inserting documents to a particular collection, they should be able to perform the same actions use applyOps.
Attachments
Issue Links
- duplicates
-
SERVER-19191 "restore" role does not have applyOps permissions on servers using a keyFile
-
- Closed
-
- is documented by
-
DOCS-9467 Docs for SERVER-25994: Allow applyOps to validate authorization permissions at the operation level
-
- Closed
-
- is related to
-
SERVER-19768 Failed applyOps command does not create an oplog entry even with some successful writes
-
- Closed
-
- related to
-
SERVER-53674 Do not run applyOps commands in the fuzzer
-
- Closed
-
-
SERVER-36263 Bypassing operation validation in applyOps should require special privilege
-
- Closed
-