[DOCS-9442] Docs for SERVER-25354: users on mongos should always be able to run currentOp and killOp on their own operations Created: 02/Dec/16  Updated: 17/Jan/18  Resolved: 17/Jan/18

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Emily Hall Assignee: Steve Renaker (Inactive)
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-25354 users on mongos should always be able... Closed
Participants:
Days since reply: 6 years, 4 weeks, 1 day ago
Epic Link: PM-198

 Description   

Engineering Ticket Description:

SERVER-17856 added support for users on mongod running currentOp and killOp against operations they themselves had started.
From that ticket:

Both the inprog (currentOp) and killop (killOp) roles are granted at the cluster resource level, which makes them an all-or-none condition (I believe).

Use case:

Give developers access to a database with restricted access (basically read-only, non-administrative authority). However because they are given the ability to execute queries, it would be nice if they had the ability to kill any process that were executed by them. Some tools, such as Aqua Data Studio, utilize the killOp command to terminate any queries executed from their query window, however this functionality only works for individuals with administrative roles.
One solution would be to permit killOp command to be permissioned to allow a user to kill his own processes but no other.

Perhaps even just a single new role (userKillOp?) could suffice.

Though harder to achieve, this functionality should work on mongos as well.



 Comments   
Comment by Kay Kim (Inactive) [ 17/Jan/18 ]

This was already done in a separate ticket

Generated at Thu Feb 08 07:58:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.