We need to ensure that only users with the allowed permissions are able to invoke the query settings commands and agg stage.
One way of doing it is through modification of the idl definition.
What we need to is:
- introduce a new action_type query_settings in action_type.idl file
- perform the authorisation check for commands
- for agg stage the privilege has to be defined in aggregate_command.idl as follows
... - privilege: # $querySettings resource_pattern: cluster action_type: query_settings
- adjust the privilege vector definition for the $querySettings agg stage
- extend the existing permission tests to ensure that authorization is performed accordingly in commands_lib.js
- depends on
-
SERVER-77464 Implement setQuerySettings command (insert case)
-
- Closed
-
-
-
- Closed
-
-
SERVER-77467 Implement removeQuerySettings command
-
- Closed
-
- is depended on by
-
COMPASS-7122 Investigate changes in SERVER-77551: Ensure only users with allowed permissions may invoke query settings commands
-
- Closed
-
- is documented by
-
-
- Backlog
-