Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.5.3
Affects Version/s: None
Component/s: Security
Labels:
None

Backwards Compatibility:
Major Change
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Rather than using CRUD operations on db.system.users collections, user objects will be manipulated via commands:

db.runCommand({
  createUser: 1,
  user: "spencer",
  password: "clear password",  // Unless "db" is "$external"
  extraData: <optional opaque Object>
  roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ... ]
});

db.runCommand({
  updateUser: 1,
  user: "spencer",
  password: "new password clear",  // Optional
  extraData: <Object>, // Optional
});

db.runCommand({  deleteUser: 1, user: "spencer" });

db.runCommand({
  grantRolesToUser: 1,
  user: "spencer",
  db: "somedb",  // Should this default to the db this command is targeted at?
  roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ...]
});

db.runCommand({
  revokeRolesForUser: 1,  // Who can do this?
  user: "spencer",
  db: "somedb",  // Should this default to the db this command is targeted at?
  roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ...]
});

db.runCommand({ usersInfo: 1, [userName: "spencer"] })

depends on

SERVER-9980 Add write concern to user management commands

Closed

is depended on by

SERVER-4225 Adding first admin user to database via localhost works but returns error message

Closed

CSHARP-793 Manipulate user objects exclusively via commands

Closed

DRIVERS-103 Manipulate user objects exclusively via commands

Closed

JAVA-830 update addUser to accomodate roles based syntax

Closed

JAVA-909 Update user manipulation helpers to use new manipulation commands provided by the server.

Closed

SERVER-10151 re-enable the "Test change role" section of jstests/auth/basic_role_auth.js once there are commands for managing a user's roles

Closed

SERVER-10249 Re-enable update portion of jstests/validate_user_documents.js once there is a command for updating user's roles

Closed

SERVER-10493 Update tools to support backing up and restoring user data properly with new user format 2.6

Closed

is duplicated by

SERVER-9662 API for managing user roles

Closed

is related to

SERVER-9446 No sanity check of role existence when creating users

Closed

SERVER-9939 createUser and updateUser commands aren't filtered from shell history, even though they may contain user's password

Closed

SERVER-10794 For compatibility with old versions of the shell, db.addUser("user", "password") should create a super-user.

Closed

SERVER-10320 Write jstest for adding/updating users when one or more config server is down

Closed

SERVER-7727 Provide at least two extra free format fields to store user information

Closed

related to

SERVER-19759 add a configure check for std::timed_mutex

Closed

(4 is depended on by, 1 is duplicated by, 5 is related to, 1 related to)

Assignee:: Spencer Brody (Inactive)
Reporter:: Spencer Brody (Inactive)
Participants:: Andy Schwerin, auto, Bernie Hackett, Derick Rethans, Spencer Brody
Votes:: 0 Vote for this issue
Watchers:: 10 Start watching this issue

Created:: Jun 28 2012 11:56:41 PM UTC
Updated:: Aug 02 2018 09:24:24 PM UTC
Resolved:: Oct 11 2013 08:55:43 PM UTC
Confidence Status Last Update:: 11/Jun/13 5:35 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates