Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-91103

Validate authorization rules for _shardsvrConvertToCapped

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Works as Designed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 8.0.0-alpha2
    • Component/s: Security, Sharding
    • Catalog and Routing
    • ALL
    • CAR Team 2024-07-08
    • 1

      The _shardsvrConvertToCapped command has been introduced in v8.0 and allows any user with the internal privilege action to convert a collection to capped. The equivalent router-side command has a different authorization requirement (convertToCapped privilege action). Make sure that this is correct, specifically that it is OK to not check for the convertToCapped privilege action on the shard server because it is implied/superseded by the internal privilege action.

       

      Note that the validation behavior of _shardsvrConvertToCapped is the same as other commands such as _shardsvrDropIndexes so if any change is necessary, it will need to be evaluated for other commands as well.

            Assignee:
            joan.bruguera-mico@mongodb.com Joan Bruguera Micó
            Reporter:
            pierlauro.sciarelli@mongodb.com Pierlauro Sciarelli
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: