Details
-
New Feature
-
Resolution: Duplicate
-
Major - P3
-
None
-
1.8.1
-
None
Description
Feature:
Restrict the creation of users to the admin only.
Use Case:
/* User can be added to DB test*/
> use test
switched to db test
> db.addUser("thetest","xxx");
{
"_id" : ObjectId("4dd0a3aa7f39df02fe90fba7"),
"user" : "thetest",
"readOnly" : false,
"pwd" : "6acce88bf52666bb832d0d51d5b4e94a"
}
/* User can be auth'ed and create data */
> db.auth("thetest","xxx");
1
> db.foobar.save(
);
> db.foobar.find();
/* This new user can now add another user in the test database - this should be prevented since they are not auth'ed to the admin database */
> db.addUser("thetest2","boohoo");
{
"user" : "thetest2",
"readOnly" : false,
"pwd" : "0d2b4b28061638251db69fb85b32ee79"
}
Attachments
Issue Links
- depends on
-
SERVER-3198 Ability to restrict operations by role
-
- Closed
-
-
SERVER-7122 Assign commands to system roles
-
- Closed
-
-
SERVER-7126 new authPrinciples and acquiredCapabilities data structures
-
- Closed
-