Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3091

Investigate changes in SERVER-65088: Create a privilegeless role called 'directShardOperations'

XMLWordPrintableJSON

    • Type: Icon: Investigation Investigation
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None

      Original Downstream Change Summary

      The server now has a new built-in role, `directShardOperations`. In 6.0, assigning this role to a user is a no-op and gives it no privileges. In post-6.0 releases, auth-enabled clusters will begin restricting direct operations on shards to authenticated users that have the `directShardOperations` role.

      Description of Linked Ticket

      We want to create this "placeholder" role in 6.0.0 that serves no purpose so that 7.0.0 binaries can start blocking direct shard operations (rather than going through a mongos) without having to gate on FCV. Atlas and OM will assign this role to their agents in 6.0 to make the 7.0 transition seamless. In 7.0 the role will start giving users privileges to write directly to shards.

            Assignee:
            dave.rolsky@mongodb.com Dave Rolsky
            Reporter:
            backlog-server-pm Backlog - Core Eng Program Management Team
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: