Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3091

Investigate changes in SERVER-65088: Create a privilegeless role called 'directShardOperations'

    XMLWordPrintableJSON

Details

    • Investigation
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • None
    • None
    • None

    Description

      Original Downstream Change Summary

      The server now has a new built-in role, `directShardOperations`. In 6.0, assigning this role to a user is a no-op and gives it no privileges. In post-6.0 releases, auth-enabled clusters will begin restricting direct operations on shards to authenticated users that have the `directShardOperations` role.

      Description of Linked Ticket

      We want to create this "placeholder" role in 6.0.0 that serves no purpose so that 7.0.0 binaries can start blocking direct shard operations (rather than going through a mongos) without having to gate on FCV. Atlas and OM will assign this role to their agents in 6.0 to make the 7.0 transition seamless. In 7.0 the role will start giving users privileges to write directly to shards.

      Attachments

        Issue Links

          Activity

            People

              dave.rolsky@mongodb.com Dave Rolsky
              backlog-server-pm Backlog - Core Eng Program Management Team
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: