Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31864

applyOps command with UUID containing op must require granular privileges

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.1, 3.7.1
    • Component/s: Internal Code
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v3.6
    • Sprint:
      Storage 2017-12-04

      Description

      After SERVER-31810, the applyOps command will require elevated privileges when applying operations containing UUIDs. Tools wanting to apply these operations will need to either run with the 'restore' or equivalent custom role, or strip the UUIDs from the operations to emulate 3.4 behavior.

      In order to allow non-restore users to apply operations to collections they control and are otherwise authorized to manipulate, the privilege checks on the applyOps command must made aware of how UUIDs can be used in ops, and which privileges are required to interact with them.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              xiangyu.yao Xiangyu Yao (Inactive)
              Reporter:
              spencer.jackson Spencer Jackson
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: