-
Type:
Task
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Sharding EMEA
-
Fully Compatible
-
Sharding EMEA 2023-03-06
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Investigate and add the authorization checks for the new checkMetadataConsistency command.
The goal of this ticket is to add a new specific action type "checkMetadataConsistency" and include it in the following built-in roles:
- clusterManager (by def, clusterAdmin has all privileges that clusterManager have)
Additionally, we should add tests to ensure that users without this privilege are not authorized to run the new command.
To sum up, as we have 3 level modes to run the command, we will have 3 different levels of privileges:
Cluster level mode:
- Cmd: db.getSiblingDB('admin').runCommnad({'checkMetadataConsistency': 1})
- Privileges: ResourcePattern::forClusterResource() and ActionType::checkMetadataConsistency
Database level mode:
- Cmd: db.runCommnad({'checkMetadataConsistency': 1})
- Privileges: (ResourcePattern::forClusterResource() or ResourcePattern::forDatabaseName(db)) and ActionType::checkMetadataConsistency
Collection level mode:
- Cmd: db.runCommand({'checkMetadataConsistency': 'myColl'})
- Privileges: (ResourcePattern::forClusterResource() or ResourcePattern:: forExactNamespace(nss)) and ActionType::checkMetadataConsistency
- has to be done before
-
-
- Closed
-
- is related to
-
-
- Closed
-