Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.1.4
Affects Version/s: None
Component/s: Admin
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2018-09-10, Security 2018-09-24, Security 2018-10-08
Linked BF Score:
19
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Currently, updating any user will invalidate its entry in the user cache. The next time that user attempts to perform an operation, the AuthorizationManager will pull the canonical document from disk, taking a shared lock on the system's user collection. If a long running operation has taken an exclusive lock on the whole system, the AuthorizationManager may block until it finishes. Attempting to run administrative operations such as killOp or currentOp may cause the AuthorizationManager to perform this update.

We should have a mechanism to ensure that at least some users are always held in memory. Authentication or authorization, and by extension running killOp, would never need to block.

is duplicated by

SERVER-35637 DDL operations blocked by transactions also block authentication

Closed

is related to

SERVER-13586 Remove user cache invalidation from user management commands

Backlog

related to

SERVER-33648 Attempting to perform user- and role-management commands in db.eval() with nolock=false can lead to deadlock

Closed

SERVER-35890 Make Authorization user cache a general purpose lifetime manager

Closed

Assignee:: Jonathan Reams
Reporter:: Spencer Jackson
Participants:: Githook User, Jonathan Reams, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Oct 13 2017 05:11:58 PM UTC
Updated:: Oct 30 2023 11:12:48 PM UTC
Resolved:: Oct 01 2018 07:51:02 PM UTC
Confidence Status Last Update:: 18/Sep/18 3:34 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates