Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-70822

Consider restricting built-in roles permissions on system.buckets collections

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • None
    • None
    • None
    • None
    • Storage Execution

    Description

      Some built-in roles like readWriteAnyDatabase allow creating and performing other operations directly on a system.buckets collection. Since these collections should be manipulated as a time-series collection rather than directly, we should consider removing some of these permissions. Note that it won't fully disallow these operations since custom roles can always be created which explicitly grant these permissions, but it would have to be more deliberate.

      Attachments

        Issue Links

          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-61589 Disallow users from creating collections with 'system.buckets' prefix

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              backlog-server-execution Backlog - Storage Execution Team
              gregory.noma@mongodb.com Gregory Noma
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: