Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-95999

Investigate if $shardedDataDistribution Executed for a Specific Namespace can Require Lower Permissions

    • Catalog and Routing
    • Fully Compatible
    • CAR Team 2024-11-11, CAR Team 2024-11-25, CAR Team 2024-12-23

      $shardedDataDistribution has it's own privilege action which is included in the clusterMonitor role. When running $shardedDataDistribution without a filter on a specific namespace this make sense as the aggregation will return information for sharded collections across all databases. 

       

      When a customer is looking for the data distribution of a specific namespace (example below) the requirement to have the clusterMonitor role (or the specific shardedDataDistribution privilege action) seems unnecessary. Other commands such as collStats and listCollections are included in the read role for a database and it seems (if possible) that $shardedDataDistribution should align with that from a UX PoV.   

       

      db.aggregate([
          { 
              $shardedDataDistribution: {} 
          },
          {
              $match: { "ns": "test.foo" }
          }
      ]) 

            Assignee:
            silvia.surroca@mongodb.com Silvia Surroca
            Reporter:
            matt.panton@mongodb.com Matt Panton
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: