[DOCS-1250] Document that system.users access is blocked for readOnly users Created: 18/Mar/13 Updated: 20/Mar/13 Resolved: 20/Mar/13 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | David Hows | Assignee: | Sam Kleinman (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Participants: | |||||
| Days since reply: | 10 years, 48 weeks ago | ||||
| Description |
|
On the security practices page we dont mention that read only users cannot access the system.users collection for a given DB. We mention explicitly that readOnly users have read access to all collections in a db. We document it here. http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity |
| Comments |
| Comment by auto [ 20/Mar/13 ] |
|
Author: {u'date': u'2013-03-20T05:32:33Z', u'name': u'Michael C. Harris', u'email': u'michael@twofishcreative.com'}Message: Users with read only access to the admin database can't read the It's only fair that I patch this, since it was my support ticket that Signed-off-by: Sam Kleinman <samk@10gen.com> |
| Comment by auto [ 20/Mar/13 ] |
|
Author: {u'date': u'2013-03-20T05:32:33Z', u'name': u'Michael C. Harris', u'email': u'michael@twofishcreative.com'}Message: Users with read only access to the admin database can't read the It's only fair that I patch this, since it was my support ticket that Signed-off-by: Sam Kleinman <samk@10gen.com> |
| Comment by Sam Kleinman (Inactive) [ 20/Mar/13 ] |
|
Resolved by community pull request. |