Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-53767

Security arch guide user management and authz corrections

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • Server Security

      The arch guide says the UMCTransaction uses the applyOps command (https://github.com/mongodb/mongo/blob/c061668218c8cbff1f508aa0204f452485d4bb36/src/mongo/db/auth/README.md#umc-transactions), but it actually uses normal multi-document transaction syntax (https://github.com/mongodb/mongo/blob/92cc84b0171942375ccbd2312a052bc7e9f159dd/src/mongo/db/commands/user_management_commands.cpp#L775). We should correct this.

      Separately, this section (https://github.com/mongodb/mongo/blob/c061668218c8cbff1f508aa0204f452485d4bb36/src/mongo/db/auth/README.md#authorization-manager-external-state) says "remove cluster config servers" but it should say "remote cluster config servers".

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            judah.schvimer@mongodb.com Judah Schvimer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: