[DOCS-15928] Investigate changes in SERVER-72667: Add authorization checks for cluster checkMetadataConsistency command Created: 28/Feb/23  Updated: 13/Nov/23  Resolved: 02/Aug/23

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 7.0.0-rc0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: David Hou
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-72667 Add authorization checks for cluster ... Closed
Participants:
Days since reply: 28 weeks, 1 day ago
Story Points: 2

 Description   
Original Downstream Change Summary

Introduces a new action type named "checkMetadataConsistency" that will be included in clusterAdmin and clusterManager built-in roles. Clearance on the new action is required to run the new "checkMetadataConsistency" command.

Description of Linked Ticket

Investigate and add the authorization checks for the new checkMetadataConsistency command.

https://github.com/10gen/mongo/blob/c892ad5a89e92acfe9847cdd31469fba93e21363/src/mongo/s/commands/cluster_check_metadata_consistency_cmd.cpp#L107-L109

The goal of this ticket is to add a new specific action type "checkMetadataConsistency" and include it in the following built-in roles:

  • clusterAdmin
  • clusterManager

Additionally we should add tests to ensure that users without this privilege are not authorized to run the new command.



 Comments   
Comment by David Hou [ 25/Jul/23 ]

Hi pol.pinol@mongodb.com , requesting your review on this when you get a chance - thanks!

https://github.com/10gen/docs-mongodb-internal/pull/4112

Generated at Thu Feb 08 08:14:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.