Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31864

applyOps command with UUID containing op must require granular privileges

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.6.1, 3.7.1
    • Internal Code
    • Fully Compatible
    • v3.6
    • Storage 2017-12-04

    Description

      After SERVER-31810, the applyOps command will require elevated privileges when applying operations containing UUIDs. Tools wanting to apply these operations will need to either run with the 'restore' or equivalent custom role, or strip the UUIDs from the operations to emulate 3.4 behavior.

      In order to allow non-restore users to apply operations to collections they control and are otherwise authorized to manipulate, the privilege checks on the applyOps command must made aware of how UUIDs can be used in ops, and which privileges are required to interact with them.

      Attachments

        Issue Links

          Activity

            People

              xiangyu.yao@mongodb.com Xiangyu Yao (Inactive)
              spencer.jackson@mongodb.com Spencer Jackson
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: