[DOCS-7664] Clarify descriptions of Query and Write Privilege Actions Created: 15/Apr/16  Updated: 30/Oct/23  Resolved: 03/Oct/16

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Improvement Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Allison Reinheimer Moore
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates DOCS-7250 Improve privilege actions page Closed
Related
related to DOCS-2935 Reorganize Privilige Actions Page Closed
is related to DOCS-7630 Document mapreduce authorization requ... Closed
Participants:
Days since reply: 7 years, 19 weeks, 2 days ago
Story Points: 1

 Description   

In the query and write actions section of the Privilege Acitons page, we should describe all the actions in terms of the commands that they imply. Currently insert and update are described that way, but find and remove are not.

  • 'find' implies: find, getMore, killCursors, aggregate, distinct, count, group, mapReduce, parallelCollectionScan... basically any read operation on a user collection
  • 'remove' implies: the delete command (and OP_DELETE if we're splitting hairs, but let's look forward)


 Comments   
Comment by Githook User [ 04/Oct/16 ]

Author:

{u'username': u'schmalliso', u'name': u'Allison Moore', u'email': u'allison.moore@10gen.com'}

Message: DOCS-7664: clarifies query and write privilege action descriptions

Signed-off-by: kay <kay.kim@10gen.com>
Branch: master
https://github.com/mongodb/docs/commit/893f52d43aef67f901e7d5d27009012b487296ff

Comment by Githook User [ 04/Oct/16 ]

Author:

{u'username': u'schmalliso', u'name': u'Allison Moore', u'email': u'allison.moore@10gen.com'}

Message: DOCS-7664: clarifies query and write privilege action descriptions

Signed-off-by: kay <kay.kim@10gen.com>
Branch: v3.2
https://github.com/mongodb/docs/commit/dc08e8308daa21f56048dadfb3d988a7e9bb484c

Comment by Jeffrey Yemin [ 03/May/16 ]

I don't see that. The build-in roles page lists the actions each role grants, but not the list of commands that each action implies. It's a bit confusing because so many of the actions have the same name as the single command that it implies. But the 'find' action happens to imply more than one command.

Comment by Steve Renaker (Inactive) [ 02/May/16 ]

The section on Built-In Roles (https://docs.mongodb.org/manual/reference/built-in-roles/) has lists of commands each privilege action implies. Should we expand the descriptions of Find, Insert, Remove, and Update on the Privilege Actions page as well?

Comment by Andreas Nilsson [ 20/Apr/16 ]

Ah yes, we had to let find -> killCursors for the clusterMonitor role until we have a better story around cursor ownership.

For getMore it depends on what type of query it was, see https://github.com/mongodb/mongo/blob/master/src/mongo/db/auth/authorization_session.cpp#L203-L244

Idk what parallellCollectionScan is but I will believe u.

Comment by Jeffrey Yemin [ 19/Apr/16 ]

Yes, I tested it. I created a user that had only the "find" privilege, and confirmed that I could execute all of these commands.

Comment by Andreas Nilsson [ 19/Apr/16 ]

I'm not sure find permission -> getMore and killCursors straight off. Are you sure about this jeff.yemin?

Generated at Thu Feb 08 07:54:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.