[DOCS-15228] [Server] Investigate changes in SERVER-65088: Create a privilegeless role called 'directShardOperations' Created: 11/Apr/22  Updated: 13/Nov/23  Resolved: 13/Apr/22

Status: Closed
Project: Documentation
Component/s: Server
Affects Version/s: None
Fix Version/s: 6.0.0-rc0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-65088 Create a privilegeless role called 'd... Closed
Participants:
Days since reply: 1 year, 43 weeks, 1 day ago

 Description   
Original Downstream Change Summary

The server now has a new built-in role, `directShardOperations`. In 6.0, assigning this role to a user is a no-op and gives it no privileges. In post-6.0 releases, auth-enabled clusters will begin restricting direct operations on shards to authenticated users that have the `directShardOperations` role.

Description of Linked Ticket

We want to create this "placeholder" role in 6.0.0 that servers no purpose so that 7.0.0 binaries can start blocking direct shard operations (rather than going through a mongos) without having to gate on FCV. Atlas and OM will assign this role to their agents in 6.0 to make the 7.0 transition seamless. In 7.0 the role will start giving users privileges to write directly to shards.



 Comments   
Comment by Judah Schvimer [ 12/Apr/22 ]

Hi ashley.brown@mongodb.com. Yes that seems appropriate. Thanks!

Comment by Ashley Brown [ 12/Apr/22 ]

Hi judah.schvimer@mongodb.com – seems like there are no user-facing changes on this one yet. Should we close this ticket and open a new one once the role is in use in 7.0?

Comment by Jess Mokrzecki [ 11/Apr/22 ]

Fix Version updated for upstream SERVER-65088:
6.0.0-rc0

Generated at Thu Feb 08 08:12:20 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.