[SERVER-6246] Manipulate user objects exclusively via commands - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.3
Component/s: Security
Labels:
None

Backwards Compatibility:
Major Change

Description

Rather than using CRUD operations on db.system.users collections, user objects will be manipulated via commands:

db.runCommand({

  createUser: 1,

  user: "spencer",

  password: "clear password",  // Unless "db" is "$external"

  extraData: <optional opaque Object>

  roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ... ]

});

db.runCommand({

  updateUser: 1,

  user: "spencer",

  password: "new password clear",  // Optional

  extraData: <Object>, // Optional

});

db.runCommand({  deleteUser: 1, user: "spencer" });

db.runCommand({

  grantRolesToUser: 1,

  user: "spencer",

  db: "somedb",  // Should this default to the db this command is targeted at?

  roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ...]

});

db.runCommand({

  revokeRolesForUser: 1,  // Who can do this?

  user: "spencer",

  db: "somedb",  // Should this default to the db this command is targeted at?

  roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ...]

});

db.runCommand({ usersInfo: 1, [userName: "spencer"] })

Attachments

Issue Links

depends on

SERVER-9980 Add write concern to user management commands

Closed

is depended on by

SERVER-4225 Adding first admin user to database via localhost works but returns error message

Closed

CSHARP-793 Manipulate user objects exclusively via commands

Closed

DRIVERS-103 Manipulate user objects exclusively via commands

Closed

JAVA-830 update addUser to accomodate roles based syntax

Closed

JAVA-909 Update user manipulation helpers to use new manipulation commands provided by the server.

Closed

DOCS-1936 Document: Manipulate user objects exclusively via commands

Closed

SERVER-10151 re-enable the "Test change role" section of jstests/auth/basic_role_auth.js once there are commands for managing a user's roles

Closed

SERVER-10249 Re-enable update portion of jstests/validate_user_documents.js once there is a command for updating user's roles

Closed

SERVER-10493 Update tools to support backing up and restoring user data properly with new user format 2.6

Closed

is duplicated by

SERVER-9662 API for managing user roles

Closed

is related to

SERVER-9446 No sanity check of role existence when creating users

Closed

SERVER-9939 createUser and updateUser commands aren't filtered from shell history, even though they may contain user's password

Closed

SERVER-10794 For compatibility with old versions of the shell, db.addUser("user", "password") should create a super-user.

Closed

SERVER-10320 Write jstest for adding/updating users when one or more config server is down

Closed

SERVER-7727 Provide at least two extra free format fields to store user information

Closed

related to

SERVER-19759 add a configure check for std::timed_mutex

Closed

(5 is depended on by, 1 is duplicated by, 5 is related to, 1 related to)

Activity

People

Assignee:: Spencer Brody (Inactive)

Reporter:: Spencer Brody (Inactive)

Participants:: Andy Schwerin, auto, Bernie Hackett, Derick Rethans, Spencer Brody

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: Jun 28 2012 11:56:41 PM UTC

Updated:: Aug 02 2018 09:24:24 PM UTC

Resolved:: Oct 11 2013 08:55:43 PM UTC