Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-27344

splitVector should be under a different built-in authorization role

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 3.2.11
    • Component/s: Security
    • None
    • Server Security

      The unofficial, semi-documented splitVector command has its own privilege action and is included in the clusterAdmin role by default. Unfortunately, this means that splitVector cannot be used in Atlas, since Atlas does not make the clusterAdmin role available to users, and does not allow creation of user-defined roles.

      I'd suggest to put splitVector under a different built-in role such as read, readWrite, or dbAdmin.

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            andre.spiegel@mongodb.com Andre Spiegel
            Votes:
            1 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated: