[SERVER-6620] Auth credentials should be invalidated when user is removed - MongoDB Jira

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Critical - P2
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.3
Component/s: Security
Labels:
None
Environment:
all

Description

When dropping a database, any users with privilege documents in that database's system.users collection should have those privileges revoked.

Same is true for removing a user any other way.

Attachments

Issue Links

depends on

SERVER-8580 User defined roles

Closed

is duplicated by

SERVER-2079 Authenticated Connections do not get terminated when dropDatabase() command is issued.

Closed

SERVER-13148 Authentication still holds after user removed

Closed

SERVER-8591 Revoke privileges for connections authenticated as deleted users

Closed

related to

SERVER-5582 Reset authentication info on active connections for user changes (password, level)

Closed

Activity

People

Assignee:: Spencer Brody (Inactive)

Reporter:: xie zhenye

Participants:: Andy Schwerin, Spencer Brody, xie zhenye

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: Jul 27 2012 10:15:43 AM UTC

Updated:: Oct 30 2015 02:47:20 PM UTC

Resolved:: Oct 15 2013 05:51:35 PM UTC