Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-70822

Consider restricting built-in roles permissions on system.buckets collections

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Storage Execution NAMER
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      Some built-in roles like readWriteAnyDatabase allow creating and performing other operations directly on a system.buckets collection. Since these collections should be manipulated as a time-series collection rather than directly, we should consider removing some of these permissions. Note that it won't fully disallow these operations since custom roles can always be created which explicitly grant these permissions, but it would have to be more deliberate.

            Assignee:
            backlog-server-execution-namer@mongodb.com [DO NOT USE] Backlog - Storage Execution NAMER
            Reporter:
            gregory.noma@mongodb.com Gregory Noma
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: