[DOCS-1250] Document that system.users access is blocked for readOnly users Created: 18/Mar/13  Updated: 20/Mar/13  Resolved: 20/Mar/13

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: David Hows Assignee: Sam Kleinman (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Days since reply: 10 years, 48 weeks ago

 Description   

On the security practices page we dont mention that read only users cannot access the system.users collection for a given DB. We mention explicitly that readOnly users have read access to all collections in a db.
http://docs.mongodb.org/manual/administration/security/#security-authentication

We document it here. http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity



 Comments   
Comment by auto [ 20/Mar/13 ]

Author:

{u'date': u'2013-03-20T05:32:33Z', u'name': u'Michael C. Harris', u'email': u'michael@twofishcreative.com'}

Message: DOCS-1250: Read-only users can't read system.users.

Users with read only access to the admin database can't read the
system.users collection. I considered adding a link to [Password Hashing
Insecurity](http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity)
but it doesn't add value.

It's only fair that I patch this, since it was my support ticket that
caused it to be opened in the first place.

Signed-off-by: Sam Kleinman <samk@10gen.com>
Branch: master
https://github.com/mongodb/docs/commit/2e2cc49ca57a93fe68293e7b9996982ede333070

Comment by auto [ 20/Mar/13 ]

Author:

{u'date': u'2013-03-20T05:32:33Z', u'name': u'Michael C. Harris', u'email': u'michael@twofishcreative.com'}

Message: DOCS-1250: Read-only users can't read system.users.

Users with read only access to the admin database can't read the
system.users collection. I considered adding a link to [Password Hashing
Insecurity](http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity)
but it doesn't add value.

It's only fair that I patch this, since it was my support ticket that
caused it to be opened in the first place.

Signed-off-by: Sam Kleinman <samk@10gen.com>
Branch: v2.2
https://github.com/mongodb/docs/commit/f84e407daeeff49ee4d2d7b5adc71c5e1e1b3f84

Comment by Sam Kleinman (Inactive) [ 20/Mar/13 ]

Resolved by community pull request.

Generated at Thu Feb 08 07:40:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.