Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-27344

splitVector should be under a different built-in authorization role

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • 3.2.11
    • Security
    • None
    • Server Security

    Description

      The unofficial, semi-documented splitVector command has its own privilege action and is included in the clusterAdmin role by default. Unfortunately, this means that splitVector cannot be used in Atlas, since Atlas does not make the clusterAdmin role available to users, and does not allow creation of user-defined roles.

      I'd suggest to put splitVector under a different built-in role such as read, readWrite, or dbAdmin.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            andre.spiegel@mongodb.com Andre Spiegel
            Votes:
            1 Vote for this issue
            Watchers:
            14 Start watching this issue

            Dates

              Created:
              Updated: