Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-70822

Consider restricting built-in roles permissions on system.buckets collections

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • Storage Execution NAMER

    Description

      Some built-in roles like readWriteAnyDatabase allow creating and performing other operations directly on a system.buckets collection. Since these collections should be manipulated as a time-series collection rather than directly, we should consider removing some of these permissions. Note that it won't fully disallow these operations since custom roles can always be created which explicitly grant these permissions, but it would have to be more deliberate.

      Attachments

        Activity

          People

            backlog-server-execution-namer@mongodb.com [DO NOT USE] Backlog - Storage Execution NAMER
            gregory.noma@mongodb.com Gregory Noma
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: