Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-27344

splitVector should be under a different built-in authorization role

    XMLWordPrintable

Details

    • Improvement
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • 3.2.11
    • None
    • Security
    • None

    Description

      The unofficial, semi-documented splitVector command has its own privilege action and is included in the clusterAdmin role by default. Unfortunately, this means that splitVector cannot be used in Atlas, since Atlas does not make the clusterAdmin role available to users, and does not allow creation of user-defined roles.

      I'd suggest to put splitVector under a different built-in role such as read, readWrite, or dbAdmin.

      Attachments

        Issue Links

          Activity

            People

              backlog-server-security Backlog - Security Team
              andre.spiegel@mongodb.com Andre Spiegel
              Votes:
              1 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated: