Details
Task
Resolution: Fixed
Major - P3
Server Security
Minor Change
Security 2023-08-07
Description
The action type configureQueryAnalyzer was added to the dbAdmin role according to the design for shard key metrics. However, users authenticated by Server Token (i.e., in multi-tenant situations) should not be permitted to run the configureQueryAnalyzer command.
The action type was added to the serverlessActionType lists in SERVER-69653 in order to pass tests in the native_tenant_data_isolation_with_security_token_jscore_passthrough test suite, but it should ultimately be removed and excluded from permissions for multi-tenant users.