Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3091

Investigate changes in SERVER-65088: Create a privilegeless role called 'directShardOperations'

    XMLWordPrintableJSON

Details

    • Icon: Investigation Investigation
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None

    Description

      Original Downstream Change Summary

      The server now has a new built-in role, `directShardOperations`. In 6.0, assigning this role to a user is a no-op and gives it no privileges. In post-6.0 releases, auth-enabled clusters will begin restricting direct operations on shards to authenticated users that have the `directShardOperations` role.

      Description of Linked Ticket

      We want to create this "placeholder" role in 6.0.0 that serves no purpose so that 7.0.0 binaries can start blocking direct shard operations (rather than going through a mongos) without having to gate on FCV. Atlas and OM will assign this role to their agents in 6.0 to make the 7.0 transition seamless. In 7.0 the role will start giving users privileges to write directly to shards.

      Attachments

        Activity

          People

            dave.rolsky@mongodb.com Dave Rolsky
            backlog-server-pm Backlog - Core Eng Program Management Team
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: