Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31864

applyOps command with UUID containing op must require granular privileges

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.1, 3.7.1
    • Affects Version/s: None
    • Component/s: Internal Code
    • Labels:
    • Fully Compatible
    • v3.6
    • Storage 2017-12-04

      After SERVER-31810, the applyOps command will require elevated privileges when applying operations containing UUIDs. Tools wanting to apply these operations will need to either run with the 'restore' or equivalent custom role, or strip the UUIDs from the operations to emulate 3.4 behavior.

      In order to allow non-restore users to apply operations to collections they control and are otherwise authorized to manipulate, the privilege checks on the applyOps command must made aware of how UUIDs can be used in ops, and which privileges are required to interact with them.

            xiangyu.yao@mongodb.com Xiangyu Yao (Inactive)
            spencer.jackson@mongodb.com Spencer Jackson
            0 Vote for this issue
            9 Start watching this issue