Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.6.3, 3.7.1
Affects Version/s: None
Component/s: Querying, Security
Labels:
None

Backwards Compatibility:
Major Change
Backport Requested:

v3.6
Sprint:
Platforms 2017-11-13, Platforms 2017-12-04
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

A ClientCursor is associated with the set of users that were authenticated when it was created.
A killCursors should only succeed if the intersection of currently authenticated users and the set of users associated with the ClientCursor is nonempty (or the set of users associated with the ClientCursor is empty), or if the user has the killAnyCursor privilege for that collection.

causes

SERVER-32169 A cursor created with a session cannot be killed outside that session

Closed

is related to

SERVER-9609 Ensure users can only call getMore on cursors they created

Closed

related to

SERVER-17856 users on mongods should always be able to run currentOp and killOp on their own operations

Closed

Assignee:: Sara Golemon (Inactive)
Reporter:: Tess Avitabile (Inactive)
Participants:: Andy Schwerin, Githook User, Sara Golemon, Tess Avitabile
Votes:: 1 Vote for this issue
Watchers:: 11 Start watching this issue

Created:: Mar 09 2017 04:21:52 PM UTC
Updated:: May 17 2019 01:43:46 PM UTC
Resolved:: Nov 30 2017 07:52:00 PM UTC
Confidence Status Last Update:: 18/Oct/17 7:42 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates